A Survey of Tools and Techniques for Web Attack Detection

Authors

  • Hoang Xuan Dau
  • Ninh Thi Thu Trang
  • Nguyen Trong Hung

DOI:

https://doi.org/10.54654/isj.v1i15.852

Keywords:

Web attack, Web attack detection, Web attack detection based on signatures, Web attack detection based on machine learning

Tóm tắt

AbstractWeb attacks include types of attacks to
websites and web applications to steal sensitive
information, to possibly disrupt web-based
service systems and even to take control of the web
systems. In order to defend against web attacks, a
number of tools and techniques have been
developed and deployed in practice for
monitoring, detecting and preventing web attacks
to protect websites, web applications and web
users. It is necessary to survey and evaluate
existing tools and techniques for monitoring and
detecting web attacks because this information
can be used for the selection of suitable tools and
techniques for monitoring and detecting web
attacks for specific websites and web applications.
In the first half, the paper surveys some typical
tools and techniques for monitoring and detecting
web attacks, which have been proposed and
applied in practice. The paper’s later half
presents the experiment and efficiency evaluation
of a web attack detection model based on machine
learning. Experimental results show that the
machine learning based model for web attack
detection produces a high detection accuracy of
99.57% and the model has the potential for
practical deployment.
Tóm tắtTấn công web gồm các dạng tấn công
vào các website và ứng dụng web nhằm đánh cắp
các thông tin nhạy cảm, có thể gây ngưng trệ hệ
thống dịch vụ, hoặc chiếm quyền kiểm soát hệ
thống. Để phòng chống tấn công web, nhiều kỹ
thuật và công cụ đã được nghiên cứu, phát triển
và ứng dụng trong thực tế phục vụ giám sát, phát
hiện và ngăn chặn dạng tấn công này nhằm bảo vệ
các website, ứng dụng web và người dùng web.
Việc khảo sát, đánh giá các công cụ và kỹ thuật
giám sát, phát hiện tấn công web hiện có là cơ sở
cho lựa chọn công cụ, kỹ thuật phát hiện tấn công
web phù hợp cho các hệ thống website, ứng dụng
web cụ thể. Trong phần đầu, bài báo này khảo sát
một số công cụ và kỹ thuật giám sát, phát hiện tấn
công web tiêu biểu đã được nghiên cứu, phát triển
và ứng dụng trên thực tế. Phần sau của bài báo
trình bày nội dung thử nghiệm, đánh giá hiệu quả
của một mô hình phát hiện tấn công web dựa trên
học máy. Các kết quả thử nghiệm cho thấy, mô
hình phát hiện tấn công web dựa trên học máy cho
độ chính xác đạt tới 99.57%, có tiềm năng triển
khai hiệu quả trên thực tế.

Downloads

Download data is not yet available.

References

OWASP, Open Web Application Security Project,

http://www.owasp.org, accessed 1.2021.

Hoàng Xuân Dậu, An toàn ứng dụng web và cơ sở

dữ liệu, Học viện Công nghệ Bưu Chính Viễn

Thông, 2017.

Hoang, X.D. Detecting Common Web Attacks Based

on Machine Learning Using Weblog. K.-U. Sattler

et al. (Eds.): ICERA 2020, LNNS 178, pp. 311–318,

VNCS – Giải pháp giám sát website tập trung,

http://vncs.vn/portfolio/giai-phap-giam-satwebsites-tap-trung, accessed 1.2021.

Nagios Web Application Monitoring Software,

https://www.nagios.com/solutions/webapplication-monitoring/, accessed 1.2021.

Site24x7, Website Defacement Monitoring,

https://www.site24x7.com/monitorwebpagedefacement.html, accessed 1.2021.

Mod Security, https://www.modsecurity.org,

accessed 1.2021.

Snort IDS, http://www.snort.org, accessed 1.2021.

Abhishek Kumar Baranwal, Approaches to detect

SQL injection and XSS in web applications, EECE

B, Term Survey Paper, University of British

Columbia, Canada, 2012.

OWASP ModSecurity Core Rule Set,

https://www.owasp.org/index.php/Category:

OWASP_ModSecurity_Core_Rule_Set_Project,

accessed 1.2021.

Kemalis, K. and T. Tzouramanis. SQL-IDS: A

Specification-based Approach for SQLinjection

Detection. SAC’08. Fortaleza, Ceará, Brazil,

ACM (2008), pp. 2153-2158.

P. Bisht, and V.N. Venkatakrishnan, “XSSGUARD: Precise dynamic prevention of Cross-Site

Scripting Attacks,” In Proceeding of 5th

Conference on Detection of Intrusions and Malware

& Vulnerability Assessment, LNCS 5137, 2008, pp.

-43.

Doyen Sahoo, Chenghao Liu, and Steven C.H. Hoi,

Malicious URL Detection using Machine Learning:

A Survey, https://arxiv.org/abs/1701.07179, Mar

Gustavo Betarte, Eduardo Giménez, Rodrigo

Martínez, and Álvaro Pardo, Machine learningassisted virtual patching of web applications,

https://arxiv.org/abs/1803.05529, Mar 2018.

Carmen Torrano-Gimenez, Alejandro PérezVillegas and Gonzalo Alvarez, An Anomaly-Based

Approach for Intrusion Detection in Web Traffic,

published by The Allen Institute for Artificial

Intelligence, 2009.

Jingxi Liang, Wen Zhao and Wei Ye. “AnomalyBased Web Attack Detection: A Deep Learning

Approach”. ICNCC 2017, Kunming, China,

December 8-10, 2017.

Yao Pan, Fangzhou Sun, Zhongwei Teng, Jules

White, Douglas C. Schmidt, Jacob Staples and Lee

Krause. “Detecting web attacks with end-to-end

deep learning”. Journal of Internet Services and

Applications (2019) 10:16, SpringerOpen.

HTTP DATASET CSIC 2010, https://www.isi.

csic.es/dataset/, accessed 1.2021.

HTTP Param Dataset, https://github.com/

Morzeux/ HttpParamsDataset, accessed 1.2021.

A. Smola and S.V.N. Vishwanathan, “Introduction

to Machine Learning,” Cambridge University,

Downloads

Abstract views: 0 / PDF downloads: 0

Published

2022-06-08

How to Cite

Dau, H. X., Trang, N. T. T., & Hung, N. T. (2022). A Survey of Tools and Techniques for Web Attack Detection. Journal of Science and Technology on Information Security, 1(15), 109-118. https://doi.org/10.54654/isj.v1i15.852

Issue

Vol. 1. No. (15) 2022

Section

Papers

License

Proposed Policy for Journals That Offer Open Access

Authors who publish with this journal agree to the following terms:

1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

Proposed Policy for Journals That Offer Delayed Open Access

Authors who publish with this journal agree to the following terms:

1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).