Abstract
In the era of information technology, the use of computer technology for both work and personal purposes is growing rapidly. Unfortunately, as computer networks and systems grow in number and size, their vulnerability also increases. Protecting organizations' web applications is becoming increasingly relevant, as most transactions are carried out over the Internet. Traditional security devices control attacks at the network level, but modern web attacks occur through the HTTP protocol at the application level. Moreover, attacks often occur together: for example, a denial-of-service attack is used to hide code injection attacks. The system administrator spends a lot of time keeping the system running and may overlook the code injection attacks. Therefore, the main task for system administrators is to detect network attacks at the application level using a web application firewall, and to apply effective algorithms that train the firewall automatically to increase its efficiency. The article introduces a parameterization of the task for increasing the accuracy of query classification by the random forest method, thereby creating the basis for detecting attacks at the application level.
Cite this article
Thang, N.M. Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request. Program Comput Soft 46, 351–361 (2020). https://doi.org/10.1134/S0361768820050072
DOI: https://doi.org/10.1134/S0361768820050072