Improving Malicious Web Code Classification with Sequence by Machine Learning

  • Paik, Incheon (School of Computer Science and Engineering, University of Aizu)
  • Received : 2014.01.15
  • Accepted : 2014.07.28
  • Published : 2014.10.31

Abstract

Web applications make life more convenient. Many web applications accept several kinds of user input (e.g. personal information, a user's comments on commercial goods, etc.) for their activities. On the other hand, there is a range of vulnerabilities in the input functions of Web applications. Malicious actions can be attempted by taking advantage of the free accessibility of many web applications. Attacks that exploit these input vulnerabilities can be carried out by injecting malicious web code, which enables a variety of illegal actions, such as SQL Injection Attacks (SQLIAs) and Cross Site Scripting (XSS). These actions come down to theft, replacement of personal information, or phishing. The existing solutions use a parser for the code, are limited to fixed and very small patterns, and are difficult to adapt to variations. A machine learning method can give leverage to cover a far broader range of malicious web code and is easy to adapt to variations and changes. Therefore, this paper suggests the adaptable classification of malicious web code by machine learning approaches for detecting the exploitation of user inputs. The approach usually identifies "looks-like malicious" code for real malicious code. A more detailed classification using sequence information is also introduced. The precision for the "looks-like malicious code" is 99%, and for the precise classification with sequence it is 90%.

Cited by

  1. Counter Measures by using Execution Plan Analysis against SQL Injection Attacks vol.53, pp.2, 2016, https://doi.org/10.5573/ieie.2016.53.2.076