Research Article

Web Application Attacks Detection: A Survey and Classification

by Nadya Elbachir El Moussaid, Ahmed Toumanari
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 103 - Number 12
Year of Publication: 2014
Authors: Nadya Elbachir El Moussaid, Ahmed Toumanari
DOI: 10.5120/18123-9085

Nadya Elbachir El Moussaid, Ahmed Toumanari. Web Application Attacks Detection: A Survey and Classification. International Journal of Computer Applications. 103, 12 (October 2014), 1-6. DOI=10.5120/18123-9085

@article{ 10.5120/18123-9085,
author = { Nadya Elbachir El Moussaid and Ahmed Toumanari },
title = { Web Application Attacks Detection: A Survey and Classification },
journal = { International Journal of Computer Applications },
issue_date = { October 2014 },
volume = { 103 },
number = { 12 },
month = { October },
year = { 2014 },
issn = { 0975-8887 },
pages = { 1-6 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume103/number12/18123-9085/ },
doi = { 10.5120/18123-9085 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:34:21.038342+05:30
%A Nadya Elbachir El Moussaid
%A Ahmed Toumanari
%T Web Application Attacks Detection: A Survey and Classification
%J International Journal of Computer Applications
%@ 0975-8887
%V 103
%N 12
%P 1-6
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The number of attacks is increasing day by day, especially web attacks, due to the shift of the majority of companies towards web applications. Therefore, the security of their sensitive data against attackers has become a crucial matter for all organizations and companies. Thus, intrusion detection systems are required in order to increase protection and prevent attackers from exploiting these data illegally. In this paper we begin by giving a survey of web application attacks and vulnerabilities, as well as approaches to improve web application security using intrusion detection systems and scanners based on machine learning and artificial intelligence. Where there is a vulnerability, there is also an attack that exploits it; therefore our paper presents a web intrusion detection system based on the detection of web vulnerabilities. Experimental results have been acquired from HTTP simulations in our network and from responses to HTTP requests sent to a bunch of websites and applications to test the efficiency of our intrusion detection system. This efficiency can be seen from a high detection rate, which is greater than 90%.

Index Terms

Computer Science
Information Sciences

Keywords

Web Application Security, Web Application Vulnerabilities, Intrusion Detection System (IDS), Classification, Machine learning, Weka