An improved filter against injection attacks using regex and machine learning

Cited by: 0
Authors
Chegu S.
Reddy G.U.
Bhambore B.S.
Adeab K.A.
Honnavalli P.
Eswaran S.
Keywords
Machine learning;
DOI
10.12968/S1353-4858(22)70055-4
Abstract
Injection-based attacks have consistently made the Open Web Application Security Project (OWASP) Top 10 vulnerabilities for years. [1] Common types of injection attacks include SQL injection, cross-site scripting (XSS) and code injection. Filter engines are used to detect and sanitise user inputs for these malicious attacks. The user input is assumed to be tainted by default. Thus, the ability of a filter in terms of accuracy and latency is important. There exist various approaches to improve filters, primarily including techniques based on regular expressions (regexes), abstract syntax tree, machine learning and so on. However, the testing of modern solutions has achieved no more than 98.5% accuracy for XSS. This article looks at ways to improve accuracy. © 2022 MA Healthcare Ltd. All rights reserved.
Related papers
15 in total
[1] 'Owasp Top 10 - 2021'
[2] Ali I., Adil S.H., Ebrahim M., Intrusion detection framework for SQL injection, Asian Journal of Engineering, Sciences & Technology, 6, 2, (2020)
[3] Khamdamovich K.R., Aziz I., Web application firewall method for detecting network attacks, 2021 International Conference on Information Science and Communications Technologies (ICISCT), (2021)
[4] Li X., Xue Y., A Survey on Web Application Security
[5] Yuan H., Research and implementation of web application firewall based on feature matching, Application of Intelligent Systems in Multi-modal Information Analytics, pp. 1223-1231, (2019)
[6] Nagendran K., Balaji S., Raj B.A., Chanthrika P., Amirthaa R.G., Web application firewall evasion techniques, 6th International Conference on Advanced Computing and Communication Systems (ICACCS), pp. 194-199, (2020)
[7] Kong F., Research on security technology based on web application, ISME 2016 - Information Science and Management Engineering IV, 1, pp. 367-370, (2016)
[8] Endraca A., King B., Nodalo G., Maria M., Sabas I., Web Application Firewall (WAF), International Journal of E-Education, E-Business, E-Management and E-Learning, 3, 6, pp. 451-455, (2013)
[9] Martina J.M.M., Usharani S., Manju B.P., Sandhya S.G., Detection of ransomware in static analysis by using Gradient Tree Boosting Algorithm, 2020 International Conference on System, Computation, Automation and Networking (ICSCAN), pp. 1-5
[10] Vu Q.H., Ruta D., Cen L., Gradient boosting decision trees for cyber security threats detection based on network events logs, 2019 IEEE International Conference on Big Data (Big Data), pp. 5921-5928, (2019)