Abstract
In today’s information driven society and economy, web facing applications are most common way to run information dissemination, banking, e-commerce etc. Web applications are frequently targeted by attackers through intelligently crafted http requests to exploit vulnerabilities existing in the application, front-end, and the web-clients. Some of the most frequent such attacks are SQL Injection, Cross-Site Scripting, Path-traversal, Command Injection, Cross-site request forgery etc. Detecting these attacks up front and blocking them, or redirecting the request to a honey-pot could be a way to prevent web applications from being exploited. In this work, we developed a number of machine learning models for detecting and classifying http requests into normal, and various types of attacks. Currently, the models are applied as an ensemble on the http server logs, to classify and build data analytics on the http requests received by any web server in order to garner threat intelligence, and threat landscape. We also implemented an online log-analysis version that analyzes logs every 15 s to classify http requests in the recent 15 s. However, it can also be used as a web application firewall to block the http requests based on the classification results. We also have implemented an intrusion protection mechanism by redirecting http requests classified upfront as malicious towards a web honeypot. We compare various existing signature based, regular expression based, and machine learning based techniques against our models for detection and classification of http based attacks, and show that our methods achieve better performance over existing techniques.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
ECML/PKDD 2007 Dataset (2007). http://www.lirmm.fr/pkdd2007-challenge/
Xpath injection (2015). https://www.owasp.org/index.php/XPATH_Injection
Gradient boosting (2016). https://machinelearningmastery.com/gentle-introd-uction-gradient-boosting-algorithm-machine-learning/
Logistic regression (2016). https://machinelearningmastery.com/logistic-regre-ssion-for-machine-learning/
Sql injection (2016). https://www.owasp.org/index.php/SQL_Injection
Crlf injection (2018). https://www.owasp.org/index.php/CRLF_Injection
Cross-site scripting (xss) (2018). https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Nearest neighbors (2018). http://scikit-learn.org/stable/modules/neighbors.html
Sophos India (2018).https://www.businesstoday.in/current/economy-politics/76-per-cent-indian-businesses-hit-by-cyber-attacks-in-2018-finds-survey/story/327389.html
World Internet Users and 2019 Population Stats (2019). https://www.internetworldstats.com/stats.htm
acunetix: Path traversal (2017). https://www.acunetix.com/blog/articles/path-traversal/
acunetix: Cross-site scripting (2019). https://www.acunetix.com/websitesecurity/cross-site-scripting/
Althubiti, S., Yuan, X., Esterline, A.: Analyzing http requests for web intrusion detection. KSU Proceedings on Cybersecurity Education, Research and Practice (2017)
Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)
Carmen Torrano, A.P., Álvarez, G.: Http csic torpeda 2012 (2012). http://www.tic.itefi.csic.es/torpeda/datasets.html
Carmen Torrano, A.P., Álvarez, G.: Http csic torpeda 2012 (2012). http://www.tic.itefi.csic.es/torpeda
Elprocus: Basic intrusion detection system (2019). https://www.elprocus.com/basic-intrusion-detection-system/
ENISA: Enisa threat landscape report 2018 (2019). https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018
Giménez, C.T., Villegas, A.P., Marañón, G.Á.: Http data set csic 2010. Information Security Institute of CSIC (Spanish Research National Council) (2010)
Hong Cheon, E., Huang, Z., Lee, Y.S.: Preventing sql injection attack based on machine learning. Int. J. Advancements Comput. Technol. 5, 967–974 (2013). https://doi.org/10.4156/ijact.vol5.issue9.115
KF, DP: Xssed dataset (2007). http://www.xssed.com/
Kozik, R., Choraś, M., Renk, R., Hołubowicz, W.: Modelling http requests with regular expressions for detection of cyber attacks targeted at web applications. In: International Joint Conference SOCO 2014-CISIS 2014-ICEUTE 2014, pp. 527–535. Springer, Switzerland (2014). 10.1007/978-3-319-07995-0_52
Kumar, B.S., Ch, T., Raju, R.S.P., Ratnakar, M., Baba, S.D., Sudhakar, N.: Intrusion detection system-types and prevention. Int. J. Comput. Sci. Info. Tech. (IJCSIT) 4(1), 77–82 (2013)
Mansfield, M.: General small business cyber security statistics (2018). https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html
Mereani, F.A., Howe, J.M.: Detecting cross-site scripting attacks using machine learning. In: Hassanien, A.E., Tolba, M.F., Elhoseny, M., Mostafa, M. (eds.) AMLTA 2018. AISC, vol. 723, pp. 200–210. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-74690-6_20
Meyer, R.: Detecting attacks on web applications from log files (2008). https://www.sans.org/reading-room/whitepapers/logging/detecting-attacks-web-applications-log-files-2074
OWASP: Owasp modsecurity core rule set (2014). https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/base_rules/modsecurity_crs_40_generic_attacks.conf
OWASP: Owasp top 10–2017 (2017). https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
OWASP: Testing for ldap injection (2017). https://www.owasp.org/index.php/Testing_for_LDAP_Injection_(OTG-INPVAL-006)
OWASP: Command injection (2018). https://www.owasp.org/index.php/Command_Injection
Quinlan, R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Mateo (1993)
Sarmah, A.: Intrusion detection systems: definition, need and challenges (2019). https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-systems-definition-challenges-343
Scholkopf, B., Smola, A.J.: Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond. MIT press, Cambridge (2001)
Shatabda: Ssi injection (2018). https://medium.com/@shatabda/security-ssi-injection-what-how-fbce1dc232b9
Technologies, P.: Web application attack statistics (2018). https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Web-application-attacks-2018-eng.pdf
W3Schools: SQL Injection (2019). https://www.w3schools.com/sql/sql_injection.asp
Yu, J., Tao, D., Lin, Z.: A hybrid web log based intrusion detection model. In: 2016 4th International Conference on Cloud Computing and Intelligence Systems (CCIS), pp. 356–360. IEEE (2016)
Acknowledgement
This work has been partially supported by grants from the Science and Engineering Research Board (SERB), and Department of Science and Technology (DST), Government of India.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Bhagwani, H., Negi, R., Dutta, A.K., Handa, A., Kumar, N., Shukla, S.K. (2019). Automated Classification of Web-Application Attacks for Intrusion Detection. In: Bhasin, S., Mendelson, A., Nandi, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2019. Lecture Notes in Computer Science(), vol 11947. Springer, Cham. https://doi.org/10.1007/978-3-030-35869-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-35869-3_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-35868-6
Online ISBN: 978-3-030-35869-3
eBook Packages: Computer ScienceComputer Science (R0)