Automated Classification of Web-Application Attacks for Intrusion Detection

  • Conference paper
Security, Privacy, and Applied Cryptography Engineering (SPACE 2019)

Abstract

In today's information-driven society and economy, web-facing applications are the most common way to run information dissemination, banking, e-commerce, etc. Web applications are frequently targeted by attackers through intelligently crafted HTTP requests that exploit vulnerabilities in the application, the front end, and the web clients. Some of the most frequent such attacks are SQL injection, cross-site scripting, path traversal, command injection, cross-site request forgery, etc. Detecting these attacks up front and blocking them, or redirecting the request to a honeypot, could be a way to prevent web applications from being exploited. In this work, we developed a number of machine learning models for detecting and classifying HTTP requests as normal or as one of various types of attack. Currently, the models are applied as an ensemble to the HTTP server logs, to classify the HTTP requests received by any web server and build data analytics on them, in order to garner threat intelligence and a view of the threat landscape. We also implemented an online log-analysis version that analyzes the logs every 15 s to classify the HTTP requests received in the most recent 15 s. However, it can also be used as a web application firewall to block HTTP requests based on the classification results. We have also implemented an intrusion protection mechanism that redirects HTTP requests classified up front as malicious to a web honeypot. We compare various existing signature-based, regular-expression-based, and machine-learning-based techniques against our models for the detection and classification of HTTP-based attacks, and show that our methods achieve better performance than existing techniques.
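
The online log-analysis mode described above can be illustrated as follows (an added example, not the authors' code): access-log lines are grouped into 15 s windows and each request is labelled by a majority vote of an ensemble. The three regex voters, the label names and the sample log are assumptions that stand in for the paper's trained models and datasets.

```python
import re
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import unquote_plus

WINDOW_S = 15  # window length taken from the abstract

# Constructed access-log lines (sample data, not from the paper's datasets).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2019:13:55:01 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2019:13:55:04 +0000] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 733
203.0.113.9 - - [10/Oct/2019:13:55:17 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 410
198.51.100.2 - - [10/Oct/2019:13:55:20 +0000] "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 120
198.51.100.7 - - [10/Oct/2019:13:55:29 +0000] "GET /search?q=cats+or+dogs HTTP/1.1" 200 98
"""

# Hypothetical stand-in voters (label -> pattern); the paper uses trained models.
VOTERS = [
    {"sqli": r"\b(or|union|select)\b", "xss": r"<script", "path-traversal": r"\.\./"},
    {"sqli": r"'\s*(or|and)\s*'?\w", "xss": r"<[^>]+>", "path-traversal": r"(\.\./){2,}"},
    {"sqli": r"'\s*=\s*'", "xss": r"alert\(|onerror=", "path-traversal": r"/etc/passwd"},
]
REQ_RE = re.compile(r'\[([^\]]+)\] "\S+ (\S+) ')  # timestamp, request target

def classify(url):
    """Majority vote of the voters over the URL-decoded, lower-cased request."""
    text = unquote_plus(url).lower()
    votes = [next((lab for lab, pat in v.items() if re.search(pat, text)), "normal")
             for v in VOTERS]
    label, count = Counter(votes).most_common(1)[0]
    return label if count * 2 > len(VOTERS) else "unclassified"

def analyze(log_text):
    """Return {window_start_epoch: Counter(label -> requests)} per 15 s window."""
    windows = {}
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue  # malformed line: skip rather than guess
        ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        start = int(ts.timestamp()) // WINDOW_S * WINDOW_S
        windows.setdefault(start, Counter())[classify(m.group(2))] += 1
    return windows

if __name__ == "__main__":
    for start, counts in sorted(analyze(SAMPLE_LOG).items()):
        print(datetime.fromtimestamp(start, timezone.utc).isoformat(), dict(counts))
```

The last sample line is benign but contains the word "or": one voter flags it and the other two outvote it, which is the false-positive reduction an ensemble is meant to provide.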

Acknowledgement

This work has been partially supported by grants from the Science and Engineering Research Board (SERB), and Department of Science and Technology (DST), Government of India.

Corresponding author

Correspondence to Anand Handa.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Bhagwani, H., Negi, R., Dutta, A.K., Handa, A., Kumar, N., Shukla, S.K. (2019). Automated Classification of Web-Application Attacks for Intrusion Detection. In: Bhasin, S., Mendelson, A., Nandi, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2019. Lecture Notes in Computer Science, vol 11947. Springer, Cham. https://doi.org/10.1007/978-3-030-35869-3_10

  • DOI: https://doi.org/10.1007/978-3-030-35869-3_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35868-6

  • Online ISBN: 978-3-030-35869-3

  • eBook Packages: Computer Science, Computer Science (R0)
