Web application vulnerability detection method based on machine learning

Hu, Lilan; Chang, Jie; Chen, Ze; Hou, Botao

doi:10.1088/1742-6596/1827/1/012061

Cited by 4 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lilan hu et al [24] presented an in-depth study of the existing security vulnerability detection technology, combined with the development process of machine learning security vulnerability detection technology, the requirements of the security vulnerability detection model are analyzed in detail, and a cross-site scripting security vulnerability detection model for web application is designed and implemented. Based on the existing network vulnerability detection technology and tools, the verification code identification function is added, which solves the problem that the data can be submitted to the server only by inputting the verification code.…”

Section: Literature Reviewmentioning

confidence: 99%

A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions

Shahid

Hameed²,

Javed

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

The growing use of the internet has resulted in an exponential rise in the use of web applications. Businesses, industries, financial and educational institutions, and the general populace depend on web applications. This mammoth rise in their usage has also resulted in many security issues that make these web applications vulnerable, thereby affecting the confidentiality, integrity, and availability of associated information systems. It has, therefore, become necessary to find vulnerabilities in these information system resources to guarantee information security. A publicly available web application vulnerability scanner is a computer program that assesses web application security by employing automated penetration testing techniques that reduce the time, cost, and resources required for web application penetration testing and eliminates test engineers’ dependency on human knowledge. However, these security scanners possess various weaknesses of not scanning complete web applications and generating wrong test results. Moreover, intensive research has been carried out to quantitatively enumerate web application security scanners’ results to inspect their effectiveness and limitations. However, the findings show no well-defined method or criteria available for assessing their results. In this research, we have evaluated the performance of web application vulnerability scanners by testing intentionally defined vulnerable applications and the level of their respective precision and accuracy. This was achieved by classifying the analyzed tools using the most common parameters. The evaluation is based on an extracted list of vulnerabilities from OWASP (Open Web Application Security Project).

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions

Shahid

Hameed²,

Javed

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Finally, in this experiment, it was found that the SVM-based model had higher detection accuracy for malicious crawlers and extracting effective features could improve the detection accuracy. In 2021, Hu et al [13] designed and implemented an XSS attack detection model for web applications. This model added the verification code recognition function to solve the problem of submitting data to the server just by entering the verification code; this model had a low false positive rate.…”

Section: Related Workmentioning

confidence: 99%

Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning

Wei

Qin

et al. 2022

Mathematics

View full text Add to dashboard Cite

The frequent variations of XSS (cross-site scripting) payloads make static and dynamic analysis difficult to detect effectively. In this paper, we proposed a fusion verification method that combines traffic detection with XSS payload detection, using machine learning to detect XSS attacks. In addition, we also proposed seven new payload features to improve detection efficiency. In order to verify the effectiveness of our method, we simulated and tested 20 public CVE (Common Vulnerabilities and Exposures) XSS attacks. The experimental results show that our proposed method has better accuracy than the single traffic detection model. Among them, the recall rate increased by an average of 48%, the F1 score increased by an average of 27.94%, the accuracy rate increased by 9.29%, and the accuracy rate increased by 3.81%. Moreover, the seven new features proposed in this paper account for 34.12% of the total contribution rate of the classifier.

show abstract

“…In fact, most of the vulnerabilities currently existing in ECS belong to the XXS (Cross Site Scripting) injection vulnerability, which is often injected by attackers through related attack scripts and hidden in the cloud server. Once the relevant users visit the server, the vulnerability will immediately control the user and obtain the user's private information [8][9][10][11]. In addition, many cloud servers use HTML (Hyper Text Markup Language) language to complete running development, which requires low access to embedded scripts, and is prone to XSS vulnerabilities, causing serious security losses.…”

Section: Introductionmentioning

confidence: 99%

Research on cloud server double end vulnerability detection based on heuristic genetic algorithm

Lu,

Cen,

Ren

et al. 2023

Third International Conference on Advanced Algorithms and Signal Image Processing (AASIP 2023)

View full text Add to dashboard Cite

Conventional cloud server dual end vulnerability detection methods mainly use P2P (peer-to-peer) structure to generate dual end vulnerability detection programs, which are vulnerable to the dual identities of the server and the client, resulting in relatively high vulnerability detection errors. Therefore, a new cloud server dual end vulnerability detection method needs to be designed based on heuristic genetic algorithm. That is to say, the heuristic genetic algorithm is used to build a cloud server dual end vulnerability detection model, and the cloud server dual end vulnerability detection middleware is designed, thus realizing the cloud server dual end vulnerability detection. The experimental results show that the designed dual end vulnerability detection method for cloud server based on heuristic genetic algorithm has low relative error of vulnerability detection, which proves that the designed vulnerability detection method has good detection effect, reliability, and certain application value, and has made certain contributions to improving the security of cloud server operation.

show abstract

Web application vulnerability detection method based on machine learning

Cited by 4 publications

References 6 publications

A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions

A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions

Resolving Cross-Site Scripting Attacks through Fusion Verification and Machine Learning

Research on cloud server double end vulnerability detection based on heuristic genetic algorithm

Contact Info

Product

Resources

About