| Name | Description | Size | Format |
|---|---|---|---|
| | | 1.12 MB | Adobe PDF |
Authors
Abstract(s)
Web applications are essential for accessing online services, but they often suffer from vulnerabilities due to their rapid development and human error. This leaves them susceptible to attacks, requiring security analysts to manage numerous threats and alerts. However, traditional alerts typically lack detailed information about the nature of attacks, which complicates risk assessment and increases remediation efforts. Network Intrusion Detection Systems (NIDS) are a primary defense against such attacks, using Deep Packet Inspection (DPI) to detect malicious activities by analyzing network traffic packet contents. However, the widespread adoption of HTTPS, which encrypts traffic to ensure confidentiality, hampers NIDS' effectiveness by obscuring packet contents.

This dissertation presents an innovative approach to enhance web application security by detecting and classifying web injection attacks using Natural Language Processing (NLP) and Machine Learning (ML) algorithms. The approach addresses the challenge of encrypted network traffic without decrypting packet contents, by analyzing network flows (Netflows) and leveraging web server logs. Initially, unsupervised ML algorithms detect anomalous Netflows, and their corresponding contents are further inspected using NLP and supervised ML to classify attacks. A Locality Sensitive Hashing (LSH) algorithm establishes a Similarity Search Engine (SSE) to recognize known web application attacks. Our resulting system focuses on identifying and classifying various web attacks, including SQL Injection (SQLI), Cross-Site Scripting (XSS), Directory Traversal (DT), Template Injection (TI), OS Command Injection (OSCI), CRLF Injection (CRLFI), Code Injection (CI), and XML External Entity (XXE) attacks.

The evaluation performed for the solution demonstrated the feasibility of using the combination of NLP and ML for attack classification, showing that the solution can effectively identify and categorize malicious traffic, improving web application security. This solution can provide valuable information for alert prioritization, assessment, and remediation, benefiting security analysts and enhancing the protection of web applications against sophisticated threats.
Description
Master's thesis, Informatics Engineering, 2024, Universidade de Lisboa, Faculdade de Ciências
Keywords
Web injection attack classification; Machine learning; Natural Language Processing; Locality Sensitive Hashing; Web application security; Master's theses - 2024