Anomaly-based Web application firewalls (WAFs) are vital for providing early reactions to novel Web attacks. In recent years, various machine learning, deep learning, and transfer learning-based anomaly detection approaches have been developed to protect against Web attacks. Most of them directly treat the request URL as a general string that consists of letters and roughly use natural language processing (NLP) methods (i.e., Word2Vec and Doc2Vec) or domain knowledge to extract features. In this paper, we proposed an improved feature extraction approach which leveraged the advantage of the semantic structure of URLs. Semantic structure is an inherent interpretative property of the URL that identifies the function and vulnerability of each part in the URL. The evaluations on CSIC-2020 show that our feature extraction method has better performance than conventional feature extraction routine by more than average dramatic 5% improvement in accuracy, recall, and F1-score.

中文翻译：

---

一种改进的基于语义结构的Web异常检测特征提取方法

基于异常的Web应用程序防火墙（WAF）对于提供对新型Web攻击的早期响应至关重要。近年来，已经开发了各种基于机器学习，深度学习和基于转移学习的异常检测方法来防御Web攻击。它们中的大多数直接将请求URL视为由字母组成的通用字符串，并大致使用自然语言处理（NLP）方法（即Word2Vec和Doc2Vec）或领域知识来提取特征。在本文中，我们提出了一种改进的特征提取方法，该方法利用了URL语义结构的优势。语义结构是URL的固有解释属性，用于标识URL中每个部分的功能和漏洞。