A new approach to improving web application firewall performance based on support vector machine method with analysis of Http request
DOI: https://doi.org/10.54654/isj.v1i15.842
Keywords: SQL injection, XSS, path traversal, DDoS, CSRF, signature method, anomaly detection method, machine learning method, HTTP request
Abstract
The number of attacks on information systems is growing rapidly, not only in quantity but also in sophistication. Every attack violates the confidentiality, integrity or availability of information, and most attacks pursue financial gain. Web attacks are especially common because almost all companies run their business on web applications, so protecting personal data from these attacks has become a critical task for every organization and company, and intrusion detection and intrusion prevention systems are needed to protect this data. Traditional means of protecting access to the corporate network (network firewalls) cannot protect against most threats directed at web resources, because such attacks most often occur at the application layer, in the form of HTTP/HTTPS requests to the site, where a traditional firewall has extremely limited ability to analyse the traffic and detect attacks. Web resources are protected against application-layer attacks by a dedicated tool, the web application firewall (WAF), whose task is to detect and block application-layer attacks on web resources. Analysis of information security incidents shows, however, that even with this class of tools in place the detection rate is not 100%. With the aim of applying machine learning methods to improve WAF performance, the author reviews the most common types of attacks on web applications and surveys machine learning methods for the attack detection task, and then builds an algorithm for automatic detection of attacks based on a support vector machine and analysis of HTTP requests.
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).