Detecting Web Application Injection Attacks Using One-Class SVM

2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET) Pub Date : 2022-08-19 DOI:10.1109/CCET55412.2022.9906382

Luchen Zhou, Tao Lu, X. Hu

{"title":"Detecting Web Application Injection Attacks Using One-Class SVM","authors":"Luchen Zhou, Tao Lu, X. Hu","doi":"10.1109/CCET55412.2022.9906382","DOIUrl":null,"url":null,"abstract":"As the important component of the Internet, the Web makes it easy for us to access information anytime, anywhere. However, the widespread adoption of web applications has introduced new security risks and expanded existing attack surfaces that many organizations are not effectively protecting. Among the various threats facing the web applications, injection attacks are one of the most dangerous. In this work, we propose to use one-class Support Vector Machine (SVM) for detecting web application injection attacks. We treat the detection of injection attacks as an anomaly detection problem. In the training stage, a number of legitimate HTTP requests are used to train a one-class SVM model. In the testing stage, the trained one-class SVM is used to detect whether an HTTP request is legitimate or malicious. We adopt 2v-gram algorithm (a variant of n-gram) to extract features from HTTP requests. The experimental results show that one-class SVM achieves good performance in detecting web application injection attacks by achieving a detection rate of 94.04% and a false positive rate of 1.62%.","PeriodicalId":329327,"journal":{"name":"2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCET55412.2022.9906382","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

As the important component of the Internet, the Web makes it easy for us to access information anytime, anywhere. However, the widespread adoption of web applications has introduced new security risks and expanded existing attack surfaces that many organizations are not effectively protecting. Among the various threats facing the web applications, injection attacks are one of the most dangerous. In this work, we propose to use one-class Support Vector Machine (SVM) for detecting web application injection attacks. We treat the detection of injection attacks as an anomaly detection problem. In the training stage, a number of legitimate HTTP requests are used to train a one-class SVM model. In the testing stage, the trained one-class SVM is used to detect whether an HTTP request is legitimate or malicious. We adopt 2v-gram algorithm (a variant of n-gram) to extract features from HTTP requests. The experimental results show that one-class SVM achieves good performance in detecting web application injection attacks by achieving a detection rate of 94.04% and a false positive rate of 1.62%.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

一类SVM检测Web应用注入攻击

作为互联网的重要组成部分，网络使我们可以随时随地方便地获取信息。然而，web应用程序的广泛采用带来了新的安全风险，并扩大了许多组织无法有效保护的现有攻击面。在web应用程序面临的各种威胁中，注入攻击是最危险的一种。在这项工作中，我们提出使用一类支持向量机(SVM)来检测web应用程序注入攻击。我们将注入攻击的检测视为异常检测问题。在训练阶段，使用大量合法的HTTP请求来训练一类SVM模型。在测试阶段，使用训练好的单类SVM来检测HTTP请求是合法的还是恶意的。我们采用2v-gram算法(n-gram的一种变体)从HTTP请求中提取特征。实验结果表明，单类SVM在检测web应用注入攻击方面具有较好的性能，检测率为94.04%，假阳性率为1.62%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET)

自引率

0.00%

发文量