Abstract
Safeguarding websites is of utmost importance nowadays because of a wide variety of attacks being launched against them. Moreover, lack of security awareness and widespread use of traditional security solutions like simple Web Application Firewalls (WAFs) has further aggravated the problem. Researchers have moved towards employing sophisticated machine learning and deep learning based techniques to counter common web attacks like the SQL injection (SQLi) and Cross Site Scripting (XSS). Lately, keen interest has been taken in tackling these attacks through cyber deception. In this paper, we propose an ensemble based deep learning approach by combining Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) models. This detection framework also contains a Session Maintenance Module (SMM) which maintains user state in an otherwise stateless protocol by analyzing cookies thereby providing further optimization. The proposed framework detects SQLi and XSS attacks with an accuracy of 99.83% and 99.47% respectively. Moreover, in order to engage attackers, a deception module based on dockers has been proposed which contains deceptive lures to engage the attacker. The deceptive module has the capability to detect zero-days and is more efficient when compared to other similar solutions.
Original language | English |
---|---|
Pages | 183-195 |
DOIs | |
Publication status | Published - 9 Dec 2022 |
Externally published | Yes |
Event | 14th Asian Conference on Intelligent Information and Database Systems - Ho Chi Minh City, Viet Nam Duration: 28 Nov 2022 → 30 Nov 2022 Conference number: 14 https://aciids.pwr.edu.pl/2022/ |
Conference
Conference | 14th Asian Conference on Intelligent Information and Database Systems |
---|---|
Country/Territory | Viet Nam |
City | Ho Chi Minh City |
Period | 28/11/22 → 30/11/22 |
Internet address |
Keywords
- SQL injection attacks
- XSS
- Deep Learning
- Deception