Victor Odumuyiwa and Analogbei Chibueze, Department of Computer Science, University of Lagos, Nigeria
As the world becomes more connected through the Internet, and as processes and objects become increasingly digitalized, one consequence is a global increase in cyber-attacks. One such attack is the HTTP injection attack experienced in Web communication.
Web communication over the Internet is built on the HTTP protocol using a client-server architecture, in which a dedicated computer acts as the server to various clients and provides the information they request. HTTP injection attacks are well-known cyber security threats with fatal consequences. In these attacks, a malicious entity (either human or computer) sends dangerous or unsafe content in the parameters of HTTP requests.
HTTP injection attacks come in various forms. The common ones include SQL (Structured Query Language) injection, XSS (Cross-Site Scripting), Command Injection, LDAP (Lightweight Directory Access Protocol) Injection, XPath (XML Path Language) Injection, and SSI (Server-Side Includes) Injection. HTTP injection attacks are the most common type of cybersecurity attack and can have severe consequences for the targeted companies and users. According to the Cybersecurity Ventures report sponsored by Herjavec Group, damages from cyber-attacks will cost up to six trillion US dollars by 2021. The majority of these cyber-attacks will come in the form of injection attacks targeting the database or data store of the web server. HTTP injection attacks can lead to data loss, data alteration or a server crash, and for an online data-driven service the damage control can be expensive or the damage even irreparable. Internet users need assurance that their stored data will be available when needed, authentic when sent or received, credible, and of good integrity. Attackers will not relent in their efforts to illegally access Internet users’ data, using known attacks or even new types of attacks to gain access to the web server.
Combatting injection attacks demands the development of Web Intrusion Detection Systems (WIDS). Common WIDS follow a rule-based or a signature-based approach. Both approaches share the problem of high false-positive rates (wrongly classifying HTTP requests as malicious), which restricts such a WIDS to only one type of web application. They are also easily bypassed and unable to detect new kinds of malicious attacks, because they lack a sufficient model for understanding the representations of HTTP request parameters.
As cyber-attacks grow in dimension and sophistication, more powerful and secure WIDS are needed. In this paper, deep learning techniques are used to develop models that automatically detect injection attacks in HTTP requests. Two deep learning algorithms, Convolutional Neural Network (CNN) and Deep Neural Network (DNN), are used with a character embedding layer to build a WIDS. The embedding layer is added to give the deep learning models a better and more effective representation of HTTP requests, and so improve the classification of requests.
The experimental results showed that better injection attack detection is possible with deep learning and that, given the right dataset, a trained deep learning detection model with a character embedding layer would be able to correctly classify requests for any web application, even when faced with new (previously unseen) attacks.
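To make the character embedding idea concrete, the following added example (not code from the paper or its authors) shows how a raw HTTP request string can be turned into the fixed-length id sequence an embedding layer consumes, and how one CNN filter with max pooling reads the embedded sequence. The vocabulary, sequence length, embedding size, normalisation step, function names and sample request are all assumptions, and the weights are untrained.

```python
import random
from urllib.parse import unquote_plus

# Assumed settings: the summary does not state the paper's vocabulary or sizes.
VOCAB = [chr(c) for c in range(32, 127)]        # printable ASCII
PAD, UNK = 0, 1                                 # reserved ids
CHAR_TO_ID = {ch: i + 2 for i, ch in enumerate(VOCAB)}
MAX_LEN, EMBED_DIM = 64, 8

def encode_request(raw, max_len=MAX_LEN):
    """Percent-decode and lowercase (assumed normalisation), then map each
    character to an integer id and pad or truncate to max_len."""
    text = unquote_plus(raw).lower()
    ids = [CHAR_TO_ID.get(ch, UNK) for ch in text[:max_len]]
    return ids + [PAD] * (max_len - len(ids))

def make_embedding(dim=EMBED_DIM, seed=0):
    """Untrained embedding table, one row per id. Training would learn
    these vectors; the PAD row stays at zero."""
    rng = random.Random(seed)
    table = [[rng.uniform(-0.5, 0.5) for _ in range(dim)]
             for _ in range(len(VOCAB) + 2)]
    table[PAD] = [0.0] * dim
    return table

def embed(ids, table):
    """Embedding layer lookup: id sequence -> MAX_LEN x EMBED_DIM matrix."""
    return [table[i] for i in ids]

def conv1d_maxpool(matrix, kernel):
    """One convolution filter slid along the character axis, followed by
    global max pooling: the strongest response of any character n-gram."""
    width, dim = len(kernel), len(kernel[0])
    return max(
        sum(matrix[s + k][d] * kernel[k][d]
            for k in range(width) for d in range(dim))
        for s in range(len(matrix) - width + 1))

if __name__ == "__main__":
    # Constructed sample: a query string with a percent-encoded parameter value.
    sample = "id=1%27+OR+%271%27%3D%271"
    ids = encode_request(sample)
    table = make_embedding()
    kernel = [[0.1] * EMBED_DIM for _ in range(3)]   # arbitrary 3-character filter
    print(ids[:16])
    print(conv1d_maxpool(embed(ids, table), kernel))
```

Because the model sees characters rather than whole tokens or fixed signatures, the encoded and plain forms of the same parameter value produce the same input sequence here, and a trained filter can respond to a character pattern wherever it appears in the request.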
The full article can be found on the River Publishers website: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/2263