Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis


Improving Efficiency of Web Application Firewall to Detect Code Injection Attacks with Random Forest Method and Analysis Attributes HTTP Request

Nguyen Manh Thang
Academy of Cryptography Techniques, 141 Chien Thang, Tan Trieu, Thanh Tri, Ha Noi
e-mail: [email protected]
Received November 10, 2019; revised November 25, 2019; accepted April 30, 2020

Abstract—In the era of information technology, the use of computer technology for both work and personal purposes is growing rapidly. Unfortunately, as the number and size of computer networks and systems increase, their vulnerability also increases. Protecting the web applications of organizations is becoming increasingly relevant as most transactions are carried out over the Internet. Traditional security devices control attacks at the network level, but modern web attacks occur through the HTTP protocol at the application level. Moreover, attacks often come together: for example, a denial of service attack is used to hide code injection attacks. System administrators spend a lot of time keeping the system running and may overlook the code injection attacks. Therefore, the main task for system administrators is to detect network attacks at the application level using a web application firewall and to apply effective algorithms in this firewall to train it automatically, increasing its efficiency. The article introduces a parameterization of the task to increase the accuracy of query classification by the random forest method, thereby creating the basis for detecting attacks at the application level.

DOI: 10.1134/S0361768820050072

1. INTRODUCTION

The industrial revolution 4.0, with its digital control systems, IoT, cloud computing and artificial intelligence, has opened up new opportunities for humanity but also poses new challenges. The main problem that needs attention from the very beginning is ensuring information security for the information technology systems serving industry 4.0. With the rapid development of technology, sophisticated attack methods are also specially designed to evade attack detection systems. Thus, in modern information security systems, most organizations use an intrusion detection system, an intrusion prevention system and a network firewall to monitor the system and to identify attacks at the network level. These systems use signature-based attack detection [1, 2], abnormal feature detection [3, 5], white and black lists [6, 7], etc. to prevent attacks. Due to the proliferation of new attacks, traditional signature-based methods have become less effective, leading to an increasing need to detect abnormal behavior. Behavioral identification allows system administrators to detect new and complex attacks based on statistical models and machine learning. The weak point in detecting behavioral attacks is the large number of false alerts. To improve the accuracy of detecting network attacks, several approaches will be combined with many machine learning methods to detect anomalies in the