<p>Traditional Rule-Based Web Application firewalls (WAFs) are severely limited in defending against sophisticated attacks, such as zero-day exploits, polymorphic SQL injection, and advanced persistent threats, as they achieve less than 12% of detection on new attack variants. This research presents a Hybrid Deep Learning Framework (HDLF), which is a three-tier intelligent architecture that combines the use of Convolutional Neural Networks (CNNs) for extracting spatial payload features; Bidirectional Long Short-Term Memory (BiLSTM) networks for modeling temporal sequential attacks; and an isolation forest with adaptive dynamic thresholding for unsupervised anomaly detection. The framework employs a new cross modal multi-head attention fusion mechanism for aligning spatial and temporal feature representations and an automated 247-feature hierarchical extraction pipeline that eliminates manual feature engineering. Testing the HDLF framework using five benchmark datasets, such as CSIC 2010, UNSW-NB15, Enterprise Cloudflare Traffic Corpus (10&#xa0;million requests), Zero-Day Simulation Set (15,000 variants), and API-Specific Dataset (30,000 REST requests). Demonstrates that HDLF achieves 99.2 ± 0.12% detection accuracy, 2.31 ± 0.18% false positive rate, 8.7 an average inference latency, and 114,000 requests per second throughput. The Wilcoxon signed-rank statistic test (<i>p</i> &lt; 0.001) confirms that all baseline models were outperformed by the HDLF. HDLF successfully identified 847 synthetic generated zero-day attack variants and achieved 71–78% cost savings compared to commercial WAF solutions and demonstrated its feasibility for scalable enterprise cloud security deployments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A hybrid deep learning and attention fusion framework for intelligent zero-day threat detection in cloud web application firewalls

  • Kusuma Kumari Daram,
  • P. Senthil Kumar

摘要

Traditional Rule-Based Web Application firewalls (WAFs) are severely limited in defending against sophisticated attacks, such as zero-day exploits, polymorphic SQL injection, and advanced persistent threats, as they achieve less than 12% of detection on new attack variants. This research presents a Hybrid Deep Learning Framework (HDLF), which is a three-tier intelligent architecture that combines the use of Convolutional Neural Networks (CNNs) for extracting spatial payload features; Bidirectional Long Short-Term Memory (BiLSTM) networks for modeling temporal sequential attacks; and an isolation forest with adaptive dynamic thresholding for unsupervised anomaly detection. The framework employs a new cross modal multi-head attention fusion mechanism for aligning spatial and temporal feature representations and an automated 247-feature hierarchical extraction pipeline that eliminates manual feature engineering. Testing the HDLF framework using five benchmark datasets, such as CSIC 2010, UNSW-NB15, Enterprise Cloudflare Traffic Corpus (10 million requests), Zero-Day Simulation Set (15,000 variants), and API-Specific Dataset (30,000 REST requests). Demonstrates that HDLF achieves 99.2 ± 0.12% detection accuracy, 2.31 ± 0.18% false positive rate, 8.7 an average inference latency, and 114,000 requests per second throughput. The Wilcoxon signed-rank statistic test (p < 0.001) confirms that all baseline models were outperformed by the HDLF. HDLF successfully identified 847 synthetic generated zero-day attack variants and achieved 71–78% cost savings compared to commercial WAF solutions and demonstrated its feasibility for scalable enterprise cloud security deployments.