GBLNet: Detecting Intrusion Traffic with Multi-granularity BiLSTM

ABSTRACT

Detecting and intercepting malicious requests are some of the most widely used ways against attacks in the network security, especially in the severe COVID-19 environment. Most existing detecting approaches, including matching blacklist characters and machine learning algorithms have all shown to be vulnerable to sophisticated attacks. To address the above issues, a more general and rigorous detection method is required. In this paper, we formulate the problem of detecting malicious requests as a temporal sequence classification problem, and propose a novel deep learning model namely GBLNet, girdling bidirectional LSTM with multi-granularity CNNs. By connecting the shadow and deep feature maps of the convolutional layers, the malicious feature extracting ability is improved on more detailed functionality. Experimental results on HTTP dataset CSIC 2010 demonstrate that GBLNet can efficiently detect intrusion traffic with superior accuracy and evaluating speed, compared with the state-of-the-arts. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.