Securing web applications against XSS and SQLi attacks using a novel deep learning approach

Authors:

Tadhani Jaydeep R., Vekariya Vipul, Sorathiya Vishal, Alshathri Samah, El-Shafai Walid

Abstract

Modern web application development involves handling enormous amounts of sensitive and consequential data. Security is, therefore, a crucial component of developing web applications. A web application's security is concerned with safeguarding the data it processes. The web application framework must have safeguards to stop and find application vulnerabilities. Among all web application attacks, SQL injection (SQLi) and cross-site scripting (XSS) attacks are common and may lead to severe damage to web application data or functionality. Currently, many solutions for SQLi and XSS attack detection have been proposed by various studies, but most of this work has used either SQL/XSS payload-based detection or HTTP request-based detection. A few available solutions can detect both SQLi and XSS attacks, but these methods have very high false positive rates, and their accuracy can be further improved. In this paper we propose a novel approach for securing web applications from both cross-site scripting attacks and SQL injection attacks: SQL and XSS payloads and HTTP requests are decoded and standardized, and the model is trained using a hybrid deep learning network. The proposed hybrid DL model combines the strengths of CNNs in extracting features from input data and LSTMs in capturing temporal dependencies in sequential data. The soundness of our approach lies in the use of deep learning techniques that can identify subtle patterns in the data that traditional machine learning-based methods might miss. We created a testbed dataset of normal and SQLi/XSS HTTP requests and evaluated the performance of our model on this dataset. We also trained and evaluated the proposed model on the benchmark dataset HTTP CSIC 2010 and on another SQL/XSS payload dataset. The experimental findings show that our proposed approach effectively identifies these attacks with high accuracy and a low percentage of false positives. Additionally, our model performed better than traditional machine learning-based methods. This sound approach can be applied to various network security applications such as intrusion detection systems and web application firewalls. Using our model, we achieved an accuracy of 99.84%, 99.23% and 99.77% on the SQL-XSS Payload dataset, Testbed dataset and HTTP CSIC 2010 dataset, respectively.

Publisher

Springer Science and Business Media LLC

Subject

Multidisciplinary

