CODDLE: Code-Injection Detection With Deep Learning

被引：35

作者：

Abaimov, Stanislav ^{[1
]}

Bianchi, Giuseppe ^{[1
]}

机构：

[1] Univ Roma Tor Vergata, Rome, Italy

来源：

IEEE ACCESS | 2019年 / 7卷

关键词：

Deep learning; code injection; intrusion detection; supervised learning; SQL injection; XSS; !text type='Java']Java[!/text]Script; ATTACKS; SQL;

D O I：

10.1109/ACCESS.2019.2939870

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Code Injection attacks such as SQL Injection and Cross-Site Scripting (XSS) are among the major threats for today's web applications and systems. This paper proposes CODDLE, a deep learning-based intrusion detection systems against web-based code injection attacks. CODDLE's main novelty consists in adopting a Convolutional Deep Neural Network and in improving its effectiveness via a tailored pre-processing stage which encodes SQL/XSS-related symbols into type/value pairs. Numerical experiments performed on real-world datasets for both SQL and XSS attacks show that, with an identical training and with a same neural network shape, CODDLE's type/value encoding improves the detection rate from a baseline of about 75% up to 95% accuracy, 99% precision, and a 92% recall value.

引用

页码：128617 / 128627

页数：11

共 42 条

[1] Acunetix, 2016, AC WEB APPL VULN REP
[2] Alwan ZS, 2017, Int J Comput Sci Mobile Comput, V6, P5
[3] [Anonymous], WEB APPL FIR
[4] [Anonymous], 2005, INPROCEEDINGS 20 IEE
[5] [Anonymous], 2013, International Journal of Advancements in Computing Technology, DOI DOI 10.4156/IJACT.VOL5.ISSUE9.115
[6] [Anonymous], 2013, INT J COMPUTER APPLT, DOI DOI 10.7753/IJCATR0202.1020
[7] [Anonymous], 2008, SYMANTEC INTERNET SE
[8] Bandhakavi S, 2007, CCS'07: PROCEEDINGS OF THE 14TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, P12
[9] Bockermann C, 2009, LECT NOTES COMPUT SC, V5587, P196, DOI 10.1007/978-3-642-02918-9_12
[10] Cai R., 2018, P 27 INT JOINT C ART, P3977, DOI 10.24963/ijcai.2018/553

← 1 2 3 4 5 →