Web Server Attack Detection using Machine Learning

Saleem, Saima; Sheeraz, Muhammad; Hanif, Muhammad; Farooq, Umar

doi:10.1109/iccws48432.2020.9292393

Cited by 11 publications

(3 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Amankwah R, Chen J, Kudjo P, and Towey D [17] used WebGoat and DVWA to conduct experiments in evaluating the performance of vulnerability scanning applications, both open-source and commercial applications. Saleem S, Sheeraz M, Hanif M, and Farooq U [18] made a model with machine learning to detect attacks on web servers. In classifying the model, the dataset used is a server access log file consisting of normal access logs, SQL injection attack logs, XSS attack logs, and Denial of Service (DOS) attack logs against DVWA applications.…”

Section: Related Workmentioning

confidence: 99%

Web Application Security Education Platform Based on OWASP API Security Project

Idris

Syarif

Winarno

2022

EMITTER Int'l J. of Engin. Technol.

View full text Add to dashboard Cite

The trend of API-based systems in web applications in the last few years keeps steadily growing. API allows web applications to interact with external systems to enable business-to-business or system-to-system integration which leads to multiple application innovations. However, this trend also comes with a different surface of security problems that can harm not only web applications, but also mobile and IoT applications. This research proposed a web application security education platform which is focused on the OWASP API security project. This platform provides different security risks such as excessive data exposure, lack of resources and rate-limiting, mass assignment, and improper asset management which cannot be found in monolithic security learning application like DVWA, WebGoat, and Multillidae II. The development also applies several methodologies such as Capture-The-Flag (CTF) learning model, vulnerability assessment, and container virtualization. Based on our experiment, we are successfully providing 10 API vulnerability challenges to the platform with 3 different levels of severity risk rating which can be exploited using tools like Burp Suite, SQLMap, and JWTCat. In the end, based on our performance experiment, all of the containers on the platform can be deployed in approximately 16 seconds with minimum storage resource and able to serve up to 1000 concurrent users with the average throughput of 50.58 requests per second, 96.35% successful requests, and 15.94s response time.

show abstract

Section: Related Workmentioning

confidence: 99%

Web Application Security Education Platform Based on OWASP API Security Project

Idris

Syarif

Winarno

2022

EMITTER Int'l J. of Engin. Technol.

View full text Add to dashboard Cite

show abstract

“…Traditional rule-based approaches have many challenges, including the difficulty of creating rules that can detect unforeseen error conditions and the effort required to manually maintain rule sets. Advances in deep learning and anomaly detection methodologies show potential for practical use against many forms of log detection targets, including failures [1], security/network intrusions [2] [3] [4], and performance degradation indicators [5] [6]. These methods have the potential to improve upon the weaknesses of rule-based approaches in that they don't require manual rule creation or maintenance.…”

Section: Introductionmentioning

confidence: 99%

Landscape and Taxonomy of Online Parser-Supported Log Anomaly Detection Methods

Lupton,

Washizaki,

Yoshioka

et al. 2024

IEEE Access

View full text Add to dashboard Cite

As production system estates become larger and more complex, ensuring stability through traditional monitoring approaches becomes more challenging. Rule-based monitoring is common in industrial settings, but it has limitations. These include the difficulty of crafting rules capable of detecting unforeseen issues and the burden of manually maintaining rule sets. A potential solution to effectively manage complex system states is log anomaly detection. Workflows for log anomaly detection utilize several fundamental components. These include preprocessors for data cleansing, parsers to extract structured information from raw log data, encoding algorithms to convert extracted data into usable model input features, anomaly detection methods to isolate anomalous signals, and feedback mechanisms to incrementally improve model performance. This study explores the current state of research into online parser-supported log anomaly detection methods, investigates recent research trends, compares the performances of parser and anomaly detection methods using common public datasets and metrics, and assesses their performance evolution over time. Additionally, it classifies available methods using a newly introduced taxonomy, highlights current research gaps, and recommends future research directions.INDEX TERMS Log parsing, log template extraction, online algorithms, anomaly detection.

show abstract

“…Log analysis can also be used for real-time detection of streaming attack behaviors, enabling timely attack discovery. Overall, server logs provide valuable data for detecting and preventing attacks on web applications [18].…”

Section: Introductionmentioning

confidence: 99%

Analysis of Attack Detection on Log Access Servers Using Machine Learning Classification: Integrating Expert Labeling and Optimal Model Selection

Ridwan,

Sembiring,

Setiawan

et al. 2024

SJI

View full text Add to dashboard Cite

Purpose: As the complexity and diversity of cyberattacks continue to grow, traditional security measures fall short in effectively countering these threats within web-based environments. Therefore, there is an urgent need to develop and implement innovative, advanced techniques tailored specifically to detect and address these evolving security risks within web applications.Methods: This research focuses on analyzing attack detection in log access servers using machine learning classification with two primary approaches: expert labeling integration and best model selection. Expert labeling determines whether log entries are safe or indicate an attack.Result: Validation in labeling was applied using different datasets to minimize errors and increase confidence in the resulting dataset. Experimental results show that the Decision Tree and Random Forest models have nearly identical accuracy rates, around 89.3%-89.4%, while the ANN model has an accuracy of 81%.Novelty: This study proposes a fusion of expert knowledge in labeling log entries with a rigorous process of selecting the best classification model. This integration has not been extensively explored in previous research, offering a novel approach to enhancing attack detection within web applications. The research contribution lies in the integration of expert security assessment and the selection of the best model for detecting attacks on server access logs, along with validating labels using various datasets from different log devices to enhance confidence in the analysis results.

show abstract

Web Server Attack Detection using Machine Learning

Cited by 11 publications

References 5 publications

Web Application Security Education Platform Based on OWASP API Security Project

Web Application Security Education Platform Based on OWASP API Security Project

Landscape and Taxonomy of Online Parser-Supported Log Anomaly Detection Methods

Analysis of Attack Detection on Log Access Servers Using Machine Learning Classification: Integrating Expert Labeling and Optimal Model Selection

Contact Info

Product

Resources

About