WebGuardRL: An Innovative Reinforcement Learning-based Approach for Advanced Web Attack Detection
Authors: 
Hien Do Hoang, Ha Nguyen Thi Hai, Hien Do Thi Thu, The Duy Phan, and Van-Hau PhamAuthors Info & Claims
Hien Do Hoang, Ha Nguyen Thi Hai, Hien Do Thi Thu, The Duy Phan, and Van-Hau PhamAuthors Info & ClaimsDecember 2023
Pages 761 - 768
Abstract
Web-based applications are often potential targets for attackers due to the important data and assets that they manage. With the explosion and increasing complexity of recent attacks aiming at these applications, traditional security solutions such as intrusion detection systems (IDS) or web application firewalls (WAF) become ineffective against unpredictable threats. Meanwhile, in the trend of applying AI techniques to achieve practical effectiveness in various fields, cutting-edge reinforcement learning (RL) has also gained more attention for its promising applications, one of which is sophisticated attack detection. In this study, we introduce an RL-based model, named WebGuardRL, to detect multiple advanced web attacks by analyzing URLs in HTTP requests containing various attack types. To achieve this, our model is equipped with the capability of representing URLs that differ from attack to attack in the same form for use in RL training. The experimental results and comparisons with other methods indicate the high accuracy and remarkable capability of our WebGuardRL in web attack detection.
References
[1]
Tekerek A., Gemci C., and Bay Ö. F.2016. Design and implementation of a web-based intrusion prevention system: a new hybrid model. Journal of The Faculty of Engineering and Architecture of Gazi University (2016).
[2]
Chuck Brooks. 2023. Cybersecurity Trends & Statistics; More Sophisticated And Persistent Threats So Far In 2023.
[3]
Francesco Caturano, Gaetano Perrone, and Simon Pietro Romano. 2021. Discovering reflected Cross-Site Scripting vulnerabilities using a Multiobjective Reinforcement Learning environment. Computers & Security 103 (01 2021), 102204.
[4]
ECML/PKDD 2007 Discovery Challenge. 2007. Attack Challenge - Dataset. https://www.lirmm.fr/pkdd2007-challenge/index.html##dataset.
[5]
Pradip Dhal and Chandrashekhar Azad. 2021. A comprehensive survey on feature selection in the various fields of machine learning. Applied Intelligence (2021).
[6]
László Erdődi and Fabio Massimo Zennaro. 2022. The Agent Web Model: modeling web hacking for reinforcement learning. International Journal of Information Security 21 (2022).
[7]
FSecurity. 2017. FWAF: Machine Learning driven Web Application Firewall. https://github.com/faizann24/Fwaf-Machine-Learning-driven-Web-Application-Firewall.
[8]
Carmen Torrano Giménez, Alejandro Pérez Villegas, and Gonzalo Álvarez Marañón.2012. HTTP Dataset CSIC 2010. https://www.tic.itefi.csic.es/dataset/.
[9]
Nivedita James. 2023. Recent Cyber Attacks – 2023. https://www.getastra.com/blog/security-audit/recent-cyber-attacks/.
[10]
Hacer Karacan and Mehmet Sevri. 2021. A Novel Data Augmentation Technique and Deep Learning Model for Web Application Security. IEEE Access PP (2021).
[11]
Koundinya Kuppa, Anushka Dayal, Shashank Gupta, Amit Dua, Pooja Chaudhary, and Shailendra Rathore. 2022. ConvXSS: A deep learning-based smart ICT framework against code injection attacks for HTML5 web applications in sustainable smart city infrastructure. Sustainable Cities and Society 80 (2022).
[12]
Jingxi Liang, Wen Zhao, and Wei Ye. 2017. Anomaly-Based Web Attack Detection: A Deep Learning Approach. In Proceedings of the 2017 VI International Conference on Network, Communication and Computing.
[13]
Manuel Lopez-Martin, Belen Carro, and Antonio Sanchez-Esguevillas. 2020. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications 141 (2020).
[14]
Dang Minh, H. Xiang Wang, Y. Fen Li, and Tan N. Nguyen. 2021. Explainable artificial intelligence: a comprehensive review. Artificial Intelligence Review (2021).
[15]
Morzeux. 2016. HttpParams Dataset. https://github.com/Morzeux/HttpParamsDataset.
[16]
Hai Thanh Nguyen and Katrin Franke. 2012. Adaptive Intrusion Detection System via online machine learning. In 2012 12th International Conference on Hybrid Intelligent Systems (HIS).
[17]
Hai Thanh Nguyen, Carmen Torrano-Gimenez, Gonzalo Alvarez, Katrin Franke, and Slobodan Petrović. 2012. Enhancing the effectiveness of Web Application Firewalls by generic feature selection. Logic Journal of the IGPL 21 (2012).
[18]
Waleed Shahid, Baber Aslam, Haider Abbas, Saad Khalid, and Hammad Afzal. 2021. An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling. Journal of Network and Computer Applications 198 (2021).
[19]
Waleed Shahid, Baber Aslam, Haider Abbas, Saad Khalid, and Hammad Afzal. 2021. An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling. Journal of Network and Computer Applications 198 (11 2021), 103270.
[20]
Iram Tariq, Muddassar Sindhu, Rabeeh Abbasi, Akmal Khattak, Onaiza Maqbool, and Ghazanfar Farooq. 2020. Resolving cross-site scripting attacks through genetic algorithm and reinforcement learning. Expert Systems with Applications 168 (2020).
[21]
Zhihong Tian, Chaochao Luo, Jing Qiu, Xiaojiang Du, and Mohsen Guizani. 2020. A Distributed Deep Learning System for Web Attack Detection on Edge Devices. IEEE Transactions on Industrial Informatics 16 (2020).
[22]
João Tomé. 2023. An August reading list about online security and 2023 attacks landscape. https://blog.cloudflare.com/an-august-reading-list-about-online-security-and-2023-attacks-landscape/.
Index Terms
- WebGuardRL: An Innovative Reinforcement Learning-based Approach for Advanced Web Attack Detection
Recommendations
XSS adversarial example attacks based on deep reinforcement learning
AbstractCross-site scripting (XSS) attack is one of the most serious security problems in web applications. Although deep neural network (DNN) has been used in XSS attack detection and achieved unprecedented success, it is vulnerable to ...
Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries
Best papers of the Sec Track at the 2006 ACM SymposiumWeb-based applications have become a popular means of exposing functionality to large numbers of users by leveraging the services provided by web servers and databases. The wide proliferation of custom-developed web-based applications suggests that ...
Towards DDoS attack detection using deep learning approach
AbstractDue to the extensive use and evolution in the cyber world, different network attacks have recently increased significantly. Distributed Denial-of-Service (DDoS) attack has become one of the fatal threats to the Internet, where attackers send ...
Comments
Information & Contributors
Information
Published In
December 2023
1058 pages
ISBN:9798400708916
DOI:10.1145/3628797
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 December 2023
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
SOICT 2023
SOICT 2023: The 12th International Symposium on Information and Communication Technology
December 7 - 8, 2023
Ho Chi Minh, Vietnam
Acceptance Rates
Overall Acceptance Rate 147 of 318 submissions, 46%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 52Total Downloads
- Downloads (Last 12 months)52
- Downloads (Last 6 weeks)4
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format