Web application security has become a major requirement for any business, especially as web attacks continue to spread despite defensive measures and the continuous development of software frameworks and servers. In this study, we present a proposed model for a web application firewall that uses machine learning and feature engineering to detect common web attacks. Our proposed model analyses incoming requests to the web server, parses these requests to extract four features that completely describe the parts of the HTTP request (URL, payload, and headers), and classifies each request as normal or anomalous. We took into consideration the limitation of previous works that use only the URL and payload in classification and provided five features that describe and summarize all parts of the HTTP request using feature engineering and previous experience in the software security domain. The extracted features are length of request, percentage of allowed characters, percentage of special characters, and attack weight. These features were calculated for four different datasets: CSIC 2010, HTTPParams 2015, a hybrid dataset (CSIC 2010 and HTTPParams), and real logs of the compromised web server. We evaluated our proposed model on these updated datasets with four classification algorithms (Naive Bayes, logistic regression, decision tree, and support vector machine) and two methods (train-test split and cross-validation) to negate the probability of overfitting and ensure that the features are effective. Feature values for a normal request are usually a short request length, a large allowed-character ratio, a small special-character ratio, and an attack weight of zero or close to zero. Feature values for anomalous requests are a large request length, a small allowed-character percentage, a large special-character percentage, and a numerically very large attack weight.
Our proposed model achieved a classification accuracy of 99.6% with datasets used in research studies in this field and 98.8% with datasets of real web servers.
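The four features named in the abstract above, computed for two constructed requests; this is an added example, not code from the paper. The allowed and special character sets, the signature weights in `ATTACK_WEIGHTS`, and the choice to URL-decode before measuring are assumptions, since the abstract does not define them.

```python
import re
import string
from urllib.parse import unquote_plus

# Assumed character classes; the abstract does not list them.
ALLOWED = set(string.ascii_letters + string.digits + "-._~/?&=:, \r\n")
SPECIAL = set("'\"<>;()|`$*%\\{}[]#!^+")

# Assumed signature weights (regex -> weight), illustrative only.
ATTACK_WEIGHTS = {
    r"<\s*script": 5,
    r"\bunion\b.+\bselect\b": 5,
    r"\bor\b\s+\d+\s*=\s*\d+": 4,
    r"\.\./": 3,
}

def extract_features(raw_request: str) -> dict:
    """Return the four features for one raw HTTP request (URL, headers, payload)."""
    # Decode %xx and '+' first so encoded payloads are scored on their real content.
    text = unquote_plus(raw_request)
    n = len(text)
    if n == 0:
        return {"length": 0, "allowed_pct": 0.0, "special_pct": 0.0, "attack_weight": 0}
    allowed = sum(c in ALLOWED for c in text)
    special = sum(c in SPECIAL for c in text)
    weight = sum(w * len(re.findall(p, text, re.IGNORECASE))
                 for p, w in ATTACK_WEIGHTS.items())
    return {"length": n,
            "allowed_pct": 100.0 * allowed / n,
            "special_pct": 100.0 * special / n,
            "attack_weight": weight}

# Constructed sample requests (not taken from any of the paper's datasets).
NORMAL = ("GET /shop/index.jsp?id=42&category=books HTTP/1.1\r\n"
          "Host: shop.example\r\nUser-Agent: Mozilla/5.0\r\n"
          "Accept: text/html\r\n\r\n")
ANOMALY = ("POST /shop/login.jsp HTTP/1.1\r\n"
           "Host: shop.example\r\nUser-Agent: Mozilla/5.0\r\n"
           "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
           "user=admin%27+OR+1%3D1+UNION+SELECT+a%2Cb+FROM+t"
           "&note=%3Cscript%3Ex%3C%2Fscript%3E")

if __name__ == "__main__":
    for name, req in (("normal", NORMAL), ("anomaly", ANOMALY)):
        print(name, extract_features(req))
```

The resulting feature vectors are what would be passed to the classifiers the abstract lists; the separation between the two samples matches the normal and anomalous profiles it describes.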
Interest in video streaming has increased recently, as it constitutes most of the traffic on the Internet and cellular networks. These networks use different video streaming technologies. One of the most famous technologies is DASH (which stands for Dynamic Adaptive Streaming using HTTP). DASH adapts streaming parameters according to network conditions and uses the HTTP protocol to communicate between the user and the server. DASH faces many challenges that may lead to video interruptions and poor quality of user experience (QoE), such as bad network conditions and buffering level control. In addition to the lack of studies, we cover security issues for these types of services. In this paper, we proposed an integrated framework that consists of four components: a quality prediction model, a precache model, a light web application firewall, and a monitoring system. These four components improve QoE and precaching and increase the level of security. The results of the quality prediction model are used to predict the quality of the next segments depending on the user's network conditions, and in the precache model to improve caching so as to reduce the load on the streaming system and rely more on cache servers. The proposed web application firewall is a light version used to defend against video streaming attacks and verify the existence of necessary HTTP headers. The quality predictor model with the generated dataset achieved 97% classification accuracy using DecisionTree, and this experiment proved the strong relationship between congestion periods and streaming quality, which is the main key in QoE.