Attack and Defense of Deep Learning Models in the Field of Web Attack Detection
Lijia Shi, Shihao Dong
TL;DR
This paper addresses the vulnerability of deep learning-based web attack detection (WAD) to backdoor attacks in HTTP request text. It introduces five text-based backdoor triggers (ISS, ISE, DBS, HLR, RFR) and two defenses: naive fine-tuning and cross-entropy/embedding-based multi-task fine-tuning (CF-FT), evaluating them on textCNN, biLSTM, and tinyBERT. Results show high attack success rates (average around $85$–$87\%$) across datasets, while CF-FT significantly reduces ASR with modest impact on clean accuracy. The work highlights a previously underexplored risk in WAD and provides a practical defense mechanism, laying groundwork for future backdoor defense research in NLP-driven web security.
Abstract
The challenge of WAD (web attack detection) is growing as hackers continuously refine their methods to evade traditional detection. Deep learning models excel in handling complex unknown attacks due to their strong generalization and adaptability. However, they are vulnerable to backdoor attacks, where contextually irrelevant fragments are inserted into requests, compromising model stability. While backdoor attacks are well studied in image recognition, they are largely unexplored in WAD. This paper introduces backdoor attacks in WAD, proposing five methods and corresponding defenses. Testing on textCNN, biLSTM, and tinybert models shows an attack success rate over 87%, reducible through fine-tuning. Future research should focus on backdoor defenses in WAD. All the code and data of this paper can be obtained at https://anonymous.4open.science/r/attackDefenceinDL-7E05