[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/3532213.3532251acmotherconferencesArticle/Chapter ViewAbstractPublication PagesiccaiConference Proceedingsconference-collections
research-article

URL Based File Inclusion Attack Behavior Analysis and An Autoencoder Detection Model

Published: 13 July 2022 Publication History

Abstract

The development of network and communication technologies and the construction of information technology in universities have improved the efficiency of learning and work of teachers and students, while at the same time, unscrupulous elements have used a variety of attack methods to pose a great threat to the interests of schools and students. hackers can exploit vulnerabilities in web applications to illegally gain access, inject malicious code, steal information and more. File inclusion attack is one of the main types of attacks on the Web. For the file inclusion attack, this paper firstly analyses its attack method and its performance on the url, and secondly extracts the relevant features based on the real campus network traffic data to form a feature dataset. In view of the unbalanced data and sparse abnormal samples and the characteristics of the real feature data, a detection method based on the autoencoder model and the percentage threshold selection method is designed. The experimental evaluation results show that the classification accuracy of the method can reach as high as 95.3%, this method can effectively detect the traffic containing file inclusion attack and provide a new idea for the detection of file inclusion attack.

References

[1]
Phadke A, Kulkarni M, Bhawalkar P, A review of machine learning methodologies for network intrusion detection[C]//2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). IEEE, 2019: 272-275.
[2]
Y. Li, "Research on Application of Convolutional Neural Network in Intrusion Detection," 2020 7th International Forum on Electrical Engineering and Automation (IFEEA), 2020, pp. 720-723.
[3]
GUO Chun, CAI Wenyan, SHEN Guowei, Research on SQL Injection Attacks Detection Method Based on the Truncated Key Payload[J]. Netinfo Security, 2021, 21(7): 43-53.
[4]
J. K. R, S. Balaji B, N. Pandey, P. Beriwal and A. Amarajan, "An Efficient SQL Injection Detection System Using Deep Learning," 2021 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE), 2021, pp. 442-445.
[5]
K. Zhang, "A Machine Learning Based Approach to Identify SQL Injection Vulnerabilities," 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2019, pp. 1286-1288.
[6]
K. A. H. H. B. C. K. M. Sahidi, M. A. M. Ariffin, M. I. Ramli and Z. Kasiran, "Local File Inclusion Vulnerability Scanner with Tor Proxy," 2021 IEEE International Conference on Signal and Image Processing Applications (ICSIPA), 2021, pp. 244-249.
[7]
Bengio Y, Goodfellow I, Courville A. Deep learning[M]. Massachusetts, USA:: MIT press, 2017.
[8]
T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi and M. Ghogho, "Deep learning approach for Network Intrusion Detection in Software Defined Networking," 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), 2016, pp. 258-263.
[9]
Vijayanand R, Devaraj D, Kannapiran B. A novel deep learning based intrusion detection system for smart meter communication network[C]//2019 IEEE International Conference on Intelligent Techniques in Control, Optimization and Signal Processing (INCOS). IEEE, 2019: 1-3.
[10]
Begum A, Hassan M M, Bhuiyan T, RFI and SQLi based local file inclusion vulnerabilities in web applications of Bangladesh[C]//2016 International Workshop on Computational Intelligence (IWCI). IEEE, 2016: 21-25.
[11]
Tajbakhsh M S, Bagherzadeh J. A sound framework for dynamic prevention of Local File Inclusion[C]//2015 7th Conference on Information and Knowledge Technology (IKT). IEEE, 2015: 1-6.
[12]
Johnson G. Remote and local file inclusion explained[J]. Hacking9, 2008.
[13]
Meidan Y, Bohadana M, Mathov Y, N-baiot—network-based detection of iot botnet attacks using deep autoencoders[J]. IEEE Pervasive Computing, 2018, 17(3): 12-22.
[14]
Hwang R H, Peng M C, Huang C W. Detecting IoT Malicious Traffic based on Autoencoder and Convolutional Neural Network[C]//2019 IEEE Globecom Workshops (GC Wkshps). IEEE, 2019: 1-6.
[15]
Bhatia R, Benno S, Esteban J, Unsupervised machine learning for network-centric anomaly detection in iot[C]//Proceedings of the 3rd acm conext workshop on big data, machine learning and artificial intelligence for data communication networks. 2019: 42-48.

Cited By

View all
  • (2023)Beyond the Basics: A Study of Advanced Techniques for Detecting and Preventing SQL Injection Attacks2023 4th International Conference on Smart Electronics and Communication (ICOSEC)10.1109/ICOSEC58147.2023.10276077(628-631)Online publication date: 20-Sep-2023

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences
ICCAI '22: Proceedings of the 8th International Conference on Computing and Artificial Intelligence
March 2022
809 pages
ISBN:9781450396110
DOI:10.1145/3532213
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 July 2022

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. autoencoder
  2. behaviour analysis
  3. feature extraction
  4. file inclusion attack

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Normal Project of Science and Technology at Beijing Information Science and Technology University

Conference

ICCAI '22

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)19
  • Downloads (Last 6 weeks)5
Reflects downloads up to 28 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2023)Beyond the Basics: A Study of Advanced Techniques for Detecting and Preventing SQL Injection Attacks2023 4th International Conference on Smart Electronics and Communication (ICOSEC)10.1109/ICOSEC58147.2023.10276077(628-631)Online publication date: 20-Sep-2023

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media