Authors:
Rokia Lamrani Alaoui, PhD student, LISAC Laboratory, Department of Computer Science, Faculty of Sciences Dhar El Mahraz, Sidi Mohamed Ben Abdellah University, Fez, Morocco
El Habib Nfaoui, Full Professor, LISAC Laboratory, Department of Computer Science, Faculty of Sciences Dhar El Mahraz, Sidi Mohamed Ben Abdellah University, Fez, Morocco
Web-based applications are prone to many web security attacks because they are openly accessible and convenient. Most techniques used to prevent web attacks have some limitations; they cannot detect zero-day attacks and cannot analyze complex attacks, and should be maintained and updated regularly by security experts. Recently, there has been more research work on using deep learning for detecting web intrusions. Moreover, since most high-risk web attacks are injected into HTTP web requests, detecting most web attacks needs classifying HTTP web requests into normal and anomalous. In this paper, we propose an approach based on Word2vec embedding and a stacked generalization ensemble model for LSTMs to detect malicious HTTP web requests. We evaluate our classification model performance using the HTTP CSIC 2010 dataset. We show that the combination of different word-level embeddings in a stacked generalization ensemble model for LSTMs has good performance both in terms of classification metrics and training time.
Web applications have become a favored tool for organizations to disseminate vast amounts of information to the public. With the increasing adoption and inherent openness of these applications, there is an observed surge in web-based attacks exploited by adversaries. However, most of the web attack detection works are based on public datasets that are outdated or do not cover a sufficient quantity of web application attacks. Furthermore, most of them are binary detection (i.e., normal or attack) and there is little work on multi-class web attack detection. This highlights the crucial need for automated web attack detection models to bolster web security. In this study, a suite of integrated machine learning and deep learning models is designed to detect web attacks. Specifically, this study employs the Character-level Support Vector Machine (Char-SVM), Character-level Long Short-Term Memory (Char-LSTM), Convolutional Neural Network-SVM (CNN-SVM), and CNN-Bi-LSTM models to differentiate between standard HTTP requests and HTTP-based attacks in both the CSIC 2010 and SR-BH 2020 datasets. Note that the CSIC 2010 dataset involves binary classification, while the SR-BH 2020 dataset involves multi-class classification, specifically with 13 classes. Notably, the input data is first converted to the character level before being fed into any of the proposed model architectures. In the binary classification task, the Char-SVM model with a linear kernel outperforms other models, achieving an accuracy rate of 99.60%. The CNN-Bi-LSTM model closely follows with a 99.41% accuracy, surpassing the performance of the CNN-LSTM model presented in previous research. In the context of multi-class classification, the CNN-Bi-LSTM model demonstrates outstanding performance with a 99.63% accuracy rate. Furthermore, the multi-class classification models, namely Char-LSTM and CNN-Bi-LSTM, achieve validation accuracies above 98%, outperforming the two machine learning-based methods mentioned in
ISBN: (print) 9783662452370; 9783662452363
Injection attacks (e.g. XSS or SQL) are ranked in first place in worldwide lists (e.g. MITRE and OWASP). These types of attacks can be easily obfuscated. Therefore it is difficult or even impossible to provide a reliable signature for firewalls that will detect such attacks. In this paper, we have proposed an innovative method for modelling the normal behaviour of web applications. The model is based on information obtained from HTTP requests generated by a client to a web server. We have evaluated our method on the CSIC 2010 HTTP Dataset, achieving satisfactory results.
Web applications are the best Internet-based solution to provide online web services, but they also bring serious security challenges. Thus, enhancing web application security against hacking attempts is of paramount importance. Traditional Web Application Firewalls based on manual rules and traditional Machine Learning need a lot of domain expertise and human intervention and have limited detection results when faced with the increasing number of unknown web attacks. To this end, more research work has recently been devoted to employing Deep Learning (DL) approaches for web attack detection. We performed a Systematic Literature Review (SLR) and quality analysis of 63 Primary Studies (PS) on DL-based web application security published between 2010 and September 2021. We investigated the PS from different perspectives and synthesized the results of the analyses. To the best of our knowledge, this study is the first of its kind on SLR in this field. The key findings of our study include the following. (i) It is fundamental to generate standard real-world web attack datasets to encourage effective contribution in this field and to reduce the gap between research and industry. (ii) It is interesting to explore some advanced DL models, such as Generative Adversarial Networks and variants of Encoders-Decoders, in the context of web attack detection, as they have been successful in similar domains such as network intrusion detection. (iii) It is fundamental to bridge expertise in web application security and expertise in Machine Learning to build theoretical Machine Learning models tailored for web attack detection. (iv) It is important to create a corpus for web attack detection in order to take full advantage of text mining in the construction of DL-based web attack detection models. (v) It is essential to define a common framework for developing and comparing DL-based web attack detection models. This SLR is intended to improve research work in the domain of DL-based web
ISBN: (print) 9781538609309
Today, with the development of technology, communication tools such as computers, phones and tablets use HTTP as their default protocol. The fact that large data stream transactions run over the HTTP protocol has caused this protocol to become a target for attackers. It is important to analyse HTTP traffic for attack prevention systems and to detect attack attempts. Signature-based, anomaly-based and mixed methods are used for intrusion detection systems. The most common attack methods applied by attackers using HTTP traffic are SQL injection, cross-site scripting (XSS), cross-site request forgery (CRLF injection), malicious file execution, unsafe direct object reference (OSS), etc. For these attacks, we will talk about anomalous attack prevention. The study used the CSIC 2010 HTTP dataset, which contains popular types of attacks and is openly accessible. Decision Tree (C4.5) and K Nearest Neighborhood (KNN) algorithms were used for the emerging classes. As a result, a significant result of 96.26% has been achieved.