Skip to main content
Erschienen in:

01.09.2020

Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request

verfasst von: Nguyen Manh Thang

Erschienen in: Programming and Computer Software | Ausgabe 5/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

In the era of information technology, the use of computer technology for both work and personal use is growing rapidly with time. Unfortunately, with the increasing number and size of computer networks and systems, their vulnerability also increases. Protecting web applications of organizations is becoming increasingly relevant as most of the transactions are carried out over the Internet. Traditional security devices control attacks at the network level, but modern web attacks occur through the HTTP protocol at the application level. On the other hand, the attacks often come together. For example, a denial of service attack is used to hide code injection attacks. The system administrator spends a lot of time to keep the system running, but they may forget the code injection attacks. Therefore, the main task for system administrators is to detect network attacks at the application level using a web application firewall and apply effective algorithms in this firewall to train web application firewalls automatically for increasing his efficiency. The article introduces parameterization of the task for increasing the accuracy of query classification by the random forest method, thereby creating the basis for detecting attacks at the application level.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Literatur
1.
Zurück zum Zitat An, X., Su Ji, Lu, X., and Lin, F., Hypergraph clustering model-based association analysis of DDOS attacks in fog computing intrusion detection system, EURASIP J. Wireless Commun. Networking, 2018, no. 1, p. 249. An, X., Su Ji, Lu, X., and Lin, F., Hypergraph clustering model-based association analysis of DDOS attacks in fog computing intrusion detection system, EURASIP J. Wireless Commun. Networking, 2018, no. 1, p. 249.
2.
Zurück zum Zitat Clotet, X., Moyano, J., and Leon, G., A real-time anomaly-based IDS for cyber-attack detection at the industrial process level of critical infrastructures, Int. J. Crit. Infrastruct. Prot., 2018, vol. 23, pp. 11–20.CrossRef Clotet, X., Moyano, J., and Leon, G., A real-time anomaly-based IDS for cyber-attack detection at the industrial process level of critical infrastructures, Int. J. Crit. Infrastruct. Prot., 2018, vol. 23, pp. 11–20.CrossRef
3.
Zurück zum Zitat Aljawarneh, S., Aldwairi, M., and Yassein Muneer, B., Anomaly based intrusion detection system through feature selection analysis and building hybrid efficient model, J. Comput. Sci., 2018, vol. 25, pp. 152–160.CrossRef Aljawarneh, S., Aldwairi, M., and Yassein Muneer, B., Anomaly based intrusion detection system through feature selection analysis and building hybrid efficient model, J. Comput. Sci., 2018, vol. 25, pp. 152–160.CrossRef
4.
Zurück zum Zitat Siddiqui, Md.A. et al., Detecting cyber attacks using anomaly detection with explanations and expert feedback, Proc. IEEE Int. Conf. on Acoustics, Speech, and Signal Processing (ICASSP 2019), Brighton, 2019, pp. 2872–2876. Siddiqui, Md.A. et al., Detecting cyber attacks using anomaly detection with explanations and expert feedback, Proc. IEEE Int. Conf. on Acoustics, Speech, and Signal Processing (ICASSP 2019), Brighton, 2019, pp. 2872–2876.
5.
Zurück zum Zitat Nikisins, O., Mohammadi, A., Anjos, A., and Marcel, S., On effectiveness of anomaly detection approaches against unseen presentation attacks in face anti-spoofing, Proc. Int. Conf. on Biometrics (ICB), Gold Coast, 2018, pp. 75–81. Nikisins, O., Mohammadi, A., Anjos, A., and Marcel, S., On effectiveness of anomaly detection approaches against unseen presentation attacks in face anti-spoofing, Proc. Int. Conf. on Biometrics (ICB), Gold Coast, 2018, pp. 75–81.
6.
Zurück zum Zitat Inoue, K., Honda, T., Mukaiyama, K., Ohki, T., and Nishigaki, M., Automatic examination-based whitelist generation for XSS attack detection, Proc. Int. Conf. on Broadband and Wireless Computing, Communication and Applications, Springer, 2018, pp. 326–338. Inoue, K., Honda, T., Mukaiyama, K., Ohki, T., and Nishigaki, M., Automatic examination-based whitelist generation for XSS attack detection, Proc. Int. Conf. on Broadband and Wireless Computing, Communication and Applications, Springer, 2018, pp. 326–338.
7.
Zurück zum Zitat Melis, L., Pyrgelis, A., and De Cristofaro, E., On collaborative predictive blacklisting, ACM SIGCOMM Comput. Commun. Rev., 2019, vol. 48, no. 5, pp. 9–20.CrossRef Melis, L., Pyrgelis, A., and De Cristofaro, E., On collaborative predictive blacklisting, ACM SIGCOMM Comput. Commun. Rev., 2019, vol. 48, no. 5, pp. 9–20.CrossRef
8.
Zurück zum Zitat Chen, X.L., Li, M., Jiang, Y., and Sun, Y., A comparison of machine learning algorithms for detecting XSS attacks, Proc. Int. Conf. on Artificial Intelligence and Security, Springer, 2019, pp. 214–224. Chen, X.L., Li, M., Jiang, Y., and Sun, Y., A comparison of machine learning algorithms for detecting XSS attacks, Proc. Int. Conf. on Artificial Intelligence and Security, Springer, 2019, pp. 214–224.
9.
Zurück zum Zitat Zhang, J., Jou, Y.-T., and Li, X., Cross-site scripting (XSS) detection integrating evidences in multiple stages, Proc. 52nd Hawaii Int. Conf. on System Sciences, Grand Wailea, 2019. Zhang, J., Jou, Y.-T., and Li, X., Cross-site scripting (XSS) detection integrating evidences in multiple stages, Proc. 52nd Hawaii Int. Conf. on System Sciences, Grand Wailea, 2019.
10.
Zurück zum Zitat Fang, Y., Li, Y., Liu, L., and Huang, C., Deepxss: Cross site scripting detection based on deep learning, Proc. 2018 ACM Int. Conf. on Computing and Artificial Intelligence, Chengdu, 2018, pp. 47–51. Fang, Y., Li, Y., Liu, L., and Huang, C., Deepxss: Cross site scripting detection based on deep learning, Proc. 2018 ACM Int. Conf. on Computing and Artificial Intelligence, Chengdu, 2018, pp. 47–51.
11.
Zurück zum Zitat Ross, K., SQL injection detection using machine learning techniques and multiple data sources, Master’s Project, 2018.CrossRef Ross, K., SQL injection detection using machine learning techniques and multiple data sources, Master’s Project, 2018.CrossRef
12.
Zurück zum Zitat Moh, M., Pininti, S., Doddapaneni, S., and Moh, T.-S., Detecting web attacks using multi-stage log analysis, Proc. IEEE 6th Int. Conf. on Advanced Computing (IACC), IEEE, 2016, pp. 733–738. Moh, M., Pininti, S., Doddapaneni, S., and Moh, T.-S., Detecting web attacks using multi-stage log analysis, Proc. IEEE 6th Int. Conf. on Advanced Computing (IACC), IEEE, 2016, pp. 733–738.
13.
Zurück zum Zitat Kar Debabrata, Sahoo Ajit Kumar, Agarwal Khushboo, Panigrahi Suvasini, and Das Madhabananda, Learning to detect SQLIA using node centrality with feature selection, Proc. Int. Conf. on Computing, Analytics and Security Trends (CAST), IEEE, 2016, pp. 18–23. Kar Debabrata, Sahoo Ajit Kumar, Agarwal Khushboo, Panigrahi Suvasini, and Das Madhabananda, Learning to detect SQLIA using node centrality with feature selection, Proc. Int. Conf. on Computing, Analytics and Security Trends (CAST), IEEE, 2016, pp. 18–23.
14.
Zurück zum Zitat Phonsa, V., Kim, H., and Andrews, D., US Patent 9,660,960, 2017. Phonsa, V., Kim, H., and Andrews, D., US Patent 9,660,960, 2017.
15.
Zurück zum Zitat Yuan, H. et al., Research and implementation of WEB application firewall based on feature matching, Proc. Int. Conf. on Application of Intelligent Systems in Multimodal Information Analytics, Springer, 2019, pp. 1223–1231. Yuan, H. et al., Research and implementation of WEB application firewall based on feature matching, Proc. Int. Conf. on Application of Intelligent Systems in Multimodal Information Analytics, Springer, 2019, pp. 1223–1231.
16.
Zurück zum Zitat Keijer, J., Automated DDoS mitigation based on known attacks using a web application firewall, B.S. Thesis, Univ. of Twente, 2019. Keijer, J., Automated DDoS mitigation based on known attacks using a web application firewall, B.S. Thesis, Univ. of Twente, 2019.
17.
Zurück zum Zitat Akbar Memen, Ridha Muhammad Arif Fadhly, et al., SQL injection and cross site scripting prevention using OWASP ModSecurity WebApplication firewall, Int. J. Inf. Visualization, 2018, vol. 2, no. 4. pp. 286–292.CrossRef Akbar Memen, Ridha Muhammad Arif Fadhly, et al., SQL injection and cross site scripting prevention using OWASP ModSecurity WebApplication firewall, Int. J. Inf. Visualization, 2018, vol. 2, no. 4. pp. 286–292.CrossRef
18.
Zurück zum Zitat Zhan, J. et al., An effective feature representation of web log data by leveraging byte pair encoding and TF-IDF, Proc. ACM Turing Celebration Conf.-China, ACM, 2019, p. 62. Zhan, J. et al., An effective feature representation of web log data by leveraging byte pair encoding and TF-IDF, Proc. ACM Turing Celebration Conf.-China, ACM, 2019, p. 62.
19.
Zurück zum Zitat Rong, W., Zhang, B., and Lv, X., Malicious web request detection using character-level CNN, Proc. Int. Conf. on Machine Learning for Cyber Security, Springer, 2019, pp. 6–16. Rong, W., Zhang, B., and Lv, X., Malicious web request detection using character-level CNN, Proc. Int. Conf. on Machine Learning for Cyber Security, Springer, 2019, pp. 6–16.
20.
Zurück zum Zitat Betarte, G., Pardo, A., and Martınez, R., Web application attacks detection using machine learning techniques, Proc. 17th IEEE Int. Conf. on Machine Learning and Applications (ICMLA), IEEE, 2018, pp. 1065–1072. Betarte, G., Pardo, A., and Martınez, R., Web application attacks detection using machine learning techniques, Proc. 17th IEEE Int. Conf. on Machine Learning and Applications (ICMLA), IEEE, 2018, pp. 1065–1072.
21.
Zurück zum Zitat Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrovic, S., and Franke, K., Application of the generic feature selection measure in detection of web attacks, in Computational Intelligence in Security for Information Systems, Herrero, Á. and Corchado, E., Eds., Berlin, Heidelberg: Springer, 2011. Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrovic, S., and Franke, K., Application of the generic feature selection measure in detection of web attacks, in Computational Intelligence in Security for Information Systems, Herrero, Á. and Corchado, E., Eds., Berlin, Heidelberg: Springer, 2011.
22.
Zurück zum Zitat Kozik, R., Choraś, M., Holubowicz, W., and Renk, R., Extreme learning machines for web layer anomaly detection, in Image Processing and Communications Challenges 8, Choraś, R.S., Ed., Cham: Springer Int. Publ., 2017, pp. 226–233. Kozik, R., Choraś, M., Holubowicz, W., and Renk, R., Extreme learning machines for web layer anomaly detection, in Image Processing and Communications Challenges 8, Choraś, R.S., Ed., Cham: Springer Int. Publ., 2017, pp. 226–233.
23.
Zurück zum Zitat Kozik, R. and Choras, M., Adapting an ensemble of one-class classifiers for a web-layer anomaly detection system, Proc. 10th Int. Conf. on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, 2015, pp. 724–729. Kozik, R. and Choras, M., Adapting an ensemble of one-class classifiers for a web-layer anomaly detection system, Proc. 10th Int. Conf. on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Krakow, 2015, pp. 724–729.
24.
Zurück zum Zitat Loffler, M., Improvement of intrusion detection using multiple classifier model, Diploma Thesis, FIIT STU, 2017. Loffler, M., Improvement of intrusion detection using multiple classifier model, Diploma Thesis, FIIT STU, 2017.
25.
Zurück zum Zitat Šoltes, F., Improving security of a web system using biology inspired methods, Diploma Thesis, FIIT STU, 2016. Šoltes, F., Improving security of a web system using biology inspired methods, Diploma Thesis, FIIT STU, 2016.
26.
Zurück zum Zitat Eassa, A.M., Elhoseny, M., El-Bakry, H.M., and Salama, A.S., NoSQL injection attack detection in web applications using RESTful service, Program. Comput. Software, 2018, vol. 44, no.6, pp. 435–444.CrossRef Eassa, A.M., Elhoseny, M., El-Bakry, H.M., and Salama, A.S., NoSQL injection attack detection in web applications using RESTful service, Program. Comput. Software, 2018, vol. 44, no.6, pp. 435–444.CrossRef
Metadaten
Titel
Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request
verfasst von
Nguyen Manh Thang
Publikationsdatum
01.09.2020
Verlag
Pleiades Publishing
Erschienen in
Programming and Computer Software / Ausgabe 5/2020
Print ISSN: 0361-7688
Elektronische ISSN: 1608-3261
DOI
https://doi.org/10.1134/S0361768820050072

Weitere Artikel der Ausgabe 5/2020

Programming and Computer Software 5/2020 Zur Ausgabe