Application of Machine Learning Algorithms for Detection of Vulnerability in Web Applications

  • Original Research
  • SN Computer Science

Abstract

The Internet is a worldwide network that connects systems and electronic devices. According to one report, 4.66 billion people in the world use the internet for one purpose or another. The internet also provides a wide range of web applications, which bring vast benefits to society and to users. Cyberattacks such as denial of service (DoS), SQL injection, brute force, and phishing against websites, web applications, and the web of things are now more common. These security issues need to be addressed efficiently during the development phase. Internet-based applications store critical and valuable information such as user credentials and financial, biometric, and payment information. The adversary tries to find vulnerabilities and exploit them to capture information related to users and devices. The adversary can also damage the applications and stop them from working. This paper illustrates and analyses the different types of vulnerabilities in detail and provides possible solutions to the various attacks. The data for the analysis are collected through the NESSUS tool. The analysis is carried out using Random Forest Classifier, Multinomial Naïve Bayes, Linear SVC, and Logistic Regression. In this work, Linear SVC achieves 91% accuracy in identifying the type of vulnerability. The algorithm also shows an accuracy of 98% in giving the solutions for the type of attack.

Data availability

Not applicable.

Funding

No funding received for this research work.

Author information

Corresponding author

Correspondence to S. Narasimha Swamy.

Ethics declarations

Conflict of interest

The authors declare there is no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Advances in Computational Intelligence for Artificial Intelligence, Machine Learning, Internet of Things and Data Analytics” guest edited by S. Meenakshi Sundaram, Young Lee and Gururaj K S.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Mathalli Narasimha, V., Andhe, D., Swamy, S.N. et al. Application of Machine Learning Algorithms for Detection of Vulnerability in Web Applications. SN COMPUT. SCI. 4, 110 (2023). https://doi.org/10.1007/s42979-022-01518-x

  • DOI: https://doi.org/10.1007/s42979-022-01518-x
