01-09-2020

Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request

Author: Nguyen Manh Thang

Published in: Programming and Computer Software | Issue 5/2020

Abstract

In the era of information technology, the use of computer technology for both work and personal purposes is growing rapidly. Unfortunately, as computer networks and systems grow in number and size, their vulnerability also increases. Protecting the web applications of organizations is becoming increasingly relevant, as most transactions are carried out over the Internet. Traditional security devices control attacks at the network level, but modern web attacks occur through the HTTP protocol at the application level. Moreover, attacks often come together. For example, a denial of service attack is used to hide code injection attacks. System administrators spend a lot of time keeping the system running, but they may overlook the code injection attacks. Therefore, the main task for system administrators is to detect network attacks at the application level using a web application firewall and to apply effective algorithms in this firewall so that it can be trained automatically to increase its efficiency. The article introduces a parameterization of the task to increase the accuracy of query classification by the random forest method, thereby creating the basis for detecting attacks at the application level.

Metadata
Title: Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request
Author: Nguyen Manh Thang
Publication date: 01-09-2020
Publisher: Pleiades Publishing
Published in: Programming and Computer Software / Issue 5/2020
Print ISSN: 0361-7688
Electronic ISSN: 1608-3261
DOI: https://doi.org/10.1134/S0361768820050072
