Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request
Pages 351 - 361
Abstract
Abstract
In the era of information technology, the use of computer technology for both work and personal use is growing rapidly with time. Unfortunately, with the increasing number and size of computer networks and systems, their vulnerability also increases. Protecting web applications of organizations is becoming increasingly relevant as most of the transactions are carried out over the Internet. Traditional security devices control attacks at the network level, but modern web attacks occur through the HTTP protocol at the application level. On the other hand, the attacks often come together. For example, a denial of service attack is used to hide code injection attacks. The system administrator spends a lot of time to keep the system running, but they may forget the code injection attacks. Therefore, the main task for system administrators is to detect network attacks at the application level using a web application firewall and apply effective algorithms in this firewall to train web application firewalls automatically for increasing his efficiency. The article introduces parameterization of the task for increasing the accuracy of query classification by the random forest method, thereby creating the basis for detecting attacks at the application level.
References
[1]
An, X., Su Ji, Lu, X., and Lin, F., Hypergraph clustering model-based association analysis of DDOS attacks in fog computing intrusion detection system, EURASIP J. Wireless Commun. Networking, 2018, no. 1, p. 249.
[2]
Clotet X., Moyano J., and Leon G. A real-time anomaly-based IDS for cyber-attack detection at the industrial process level of critical infrastructures Int. J. Crit. Infrastruct. Prot. 2018 23 11-20
[3]
Aljawarneh S., Aldwairi M., and Yassein Muneer B. Anomaly based intrusion detection system through feature selection analysis and building hybrid efficient model J. Comput. Sci. 2018 25 152-160
[4]
Siddiqui, Md.A. et al., Detecting cyber attacks using anomaly detection with explanations and expert feedback, Proc. IEEE Int. Conf. on Acoustics, Speech, and Signal Processing (ICASSP 2019), Brighton, 2019, pp. 2872–2876.
[5]
Nikisins, O., Mohammadi, A., Anjos, A., and Marcel, S., On effectiveness of anomaly detection approaches against unseen presentation attacks in face anti-spoofing, Proc. Int. Conf. on Biometrics (ICB), Gold Coast, 2018, pp. 75–81.
[6]
Inoue, K., Honda, T., Mukaiyama, K., Ohki, T., and Nishigaki, M., Automatic examination-based whitelist generation for XSS attack detection, Proc. Int. Conf. on Broadband and Wireless Computing, Communication and Applications, Springer, 2018, pp. 326–338.
[7]
Melis L., Pyrgelis A., and De Cristofaro E. On collaborative predictive blacklisting ACM SIGCOMM Comput. Commun. Rev. 2019 48 9-20
[8]
Chen, X.L., Li, M., Jiang, Y., and Sun, Y., A comparison of machine learning algorithms for detecting XSS attacks, Proc. Int. Conf. on Artificial Intelligence and Security, Springer, 2019, pp. 214–224.
[9]
Zhang, J., Jou, Y.-T., and Li, X., Cross-site scripting (XSS) detection integrating evidences in multiple stages, Proc. 52nd Hawaii Int. Conf. on System Sciences, Grand Wailea, 2019.
[10]
Fang, Y., Li, Y., Liu, L., and Huang, C., Deepxss: Cross site scripting detection based on deep learning, Proc. 2018 ACM Int. Conf. on Computing and Artificial Intelligence, Chengdu, 2018, pp. 47–51.
[11]
Ross K. SQL injection detection using machine learning techniques and multiple data sources 2018
[12]
Moh, M., Pininti, S., Doddapaneni, S., and Moh, T.-S., Detecting web attacks using multi-stage log analysis, Proc. IEEE 6th Int. Conf. on Advanced Computing (IACC), IEEE, 2016, pp. 733–738.
[13]
Kar Debabrata, Sahoo Ajit Kumar, Agarwal Khushboo, Panigrahi Suvasini, and Das Madhabananda, Learning to detect SQLIA using node centrality with feature selection, Proc. Int. Conf. on Computing, Analytics and Security Trends (CAST), IEEE, 2016, pp. 18–23.
[14]
Phonsa, V., Kim, H., and Andrews, D., US Patent 9,660,960, 2017.
[15]
Yuan, H. et al., Research and implementation of WEB application firewall based on feature matching, Proc. Int. Conf. on Application of Intelligent Systems in Multimodal Information Analytics, Springer, 2019, pp. 1223–1231.
[16]
Keijer, J., Automated DDoS mitigation based on known attacks using a web application firewall, B.S. Thesis, Univ. of Twente, 2019.
[17]
Memen Akbar and Ridha Muhammad Arif Fadhly SQL injection and cross site scripting prevention using OWASP ModSecurity WebApplication firewall Int. J. Inf. Visualization 2018 2 286-292
[18]
Zhan, J. et al., An effective feature representation of web log data by leveraging byte pair encoding and TF-IDF, Proc. ACM Turing Celebration Conf.-China, ACM, 2019, p. 62.
[19]
Rong, W., Zhang, B., and Lv, X., Malicious web request detection using character-level CNN, Proc. Int. Conf. on Machine Learning for Cyber Security, Springer, 2019, pp. 6–16.
[20]
Betarte, G., Pardo, A., and Martınez, R., Web application attacks detection using machine learning techniques, Proc. 17th IEEE Int. Conf. on Machine Learning and Applications (ICMLA), IEEE, 2018, pp. 1065–1072.
[21]
Nguyen H.T., Torrano-Gimenez C., Alvarez G., Petrovic S., and Franke K. Computational Intelligence in Security for Information Systems 2011 Berlin, Heidelberg Springer
[22]
Kozik R., Choraś M., Holubowicz W., and Renk R. Image Processing and Communications Challenges 8 2017 Cham Springer Int. Publ.
[23]
Kozik, R. and Choras, M., Adapting an ensemble of one-class classifiers for a web-layer anomaly detection system, Proc. 10th Int. Conf. on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, 2015, pp. 724–729.
[24]
Loffler, M., Improvement of intrusion detection using multiple classifier model, Diploma Thesis, FIIT STU, 2017.
[25]
Šoltes, F., Improving security of a web system using biology inspired methods, Diploma Thesis, FIIT STU, 2016.
[26]
Eassa A.M., Elhoseny M., El-Bakry H.M., and Salama A.S. NoSQL injection attack detection in web applications using RESTful service Program. Comput. Software 2018 44 435-444
Index Terms
- Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request
Index terms have been assigned to the content through auto-classification.
Recommendations
Defining code-injection attacks
POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languagesThis paper shows that existing definitions of code-injection attacks (e.g., SQL-injection attacks) are flawed. The flaws make it possible for attackers to circumvent existing mechanisms, by supplying code-injecting inputs that are not recognized as ...
Defining code-injection attacks
POPL '12This paper shows that existing definitions of code-injection attacks (e.g., SQL-injection attacks) are flawed. The flaws make it possible for attackers to circumvent existing mechanisms, by supplying code-injecting inputs that are not recognized as ...
Automated Discovery of JavaScript Code Injection Attacks in PHP Web Applications
This paper discussed some of the performance issues in the existing defensive solutions of Java Script injection attacks (e.g. Cross-Site Scripting (XSS) attacks). Moreover, a high level of comparison for such existing solutions has been done based on ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
© Pleiades Publishing, Ltd. 2020.
Publisher
Plenum Press
United States
Publication History
Published: 01 September 2020
Accepted: 30 April 2020
Revision received: 25 November 2019
Received: 10 November 2019
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 19 Dec 2024