An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling. (February 2022)
- Record Type:
- Journal Article
- Title:
- An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling. (February 2022)
- Main Title:
- An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling
- Authors:
- Shahid, Waleed Bin
Aslam, Baber
Abbas, Haider
Khalid, Saad Bin
Afzal, Hammad
- Abstract:
- Protecting web applications is becoming challenging every passing day, primarily because of attack sophistication, omnipresence of web applications and over-reliance on traditional Web Application Firewalls (WAFs). Advanced Persistent Threats (APTs) make overwhelming use of web attacks during infiltration and expansion phase. Noteworthy research has been carried out to detect web attacks using deep learning because traditional approaches fail against complicated attacks having crafted payloads, scripts and cookie manipulations. This paper proposes a framework based on an enhanced hybrid approach where Deep Learning model is nested with a Cookie Analysis Engine for web attacks detection, mitigation and attacker profiling in real time. We first generated a huge dataset over a period of time and trained our Convolution Neural Network (CNN) based deep learning model using Hypertext Transfer Protocol (HTTP) request parameters like Type, Content length, Data and Requested URL etc. We also developed a Cookie Analysis Engine that checks all incoming cookie(s) for integrity, mutations and failed sanitization checks and informs the user about probable privacy infringement by third party cookies. The framework analyzes the cascading output from the classifier and cookie analysis engine and takes the final decision. We performed rigorous testing of the proposed framework wherein it was first validated on our own custom dataset giving an accuracy of 99.94%. It was also validated on a publicly available benchmark dataset and gave an accuracy of 98.74%. When deployed in a controlled real time environment, the attacker profiling feature enabled the framework to save useful processing time as the deep learning classifier does not get triggered for every incoming request. This makes it easy to deploy in any environment to protect web applications in real time.
- Is Part Of:
- Journal of network and computer applications. Volume 198(2022)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 198(2022)
- Issue Display:
- Volume 198, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 198
- Issue:
- 2022
- Issue Sort Value:
- 2022-0198-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-02
- Subjects:
- Web Security -- Web Application Security -- Deep learning -- Attacker profiling -- Deception -- Cookies -- HTTP
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004
- Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.jnca.2021.103270
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 20273.xml