Predicting Web Vulnerabilities in Web Applications Based on Machine Learning

2019 ◽  
pp. 473-484 ◽  
Author(s):  
Muhammad Noman Khalid ◽  
Humera Farooq ◽  
Muhammad Iqbal ◽  
Muhammad Talha Alam ◽  
Kamran Rasheed
Keyword(s):  
Machine Learning ◽  
Web Applications ◽  
Web Vulnerabilities

scholarly journals Algorithm for detecting attacks on Web applications based on machine learning methods and attributes queries

2022 ◽  
Vol 2 (14) ◽  
pp. 26-34
Author(s):  
Nguyen Manh Thang ◽  
Tran Thi Luong
Keyword(s):  
Machine Learning ◽  
Web Application ◽  
Cloud Storage ◽  
Web Applications ◽  
Detection Algorithm ◽  
Learning Methods ◽  
Google Docs ◽  
Effective Work ◽  
Web Resources ◽  
Machine Learning Methods

Abstract—Almost developed applications tend to become as accessible as possible to the user on the Internet. Different applications often store their data in cyberspace for more effective work and entertainment, such as Google Docs, emails, cloud storage, maps, weather, news,... Attacks on Web resources most often occur at the application level, in the form of HTTP/HTTPS-requests to the site, where traditional firewalls have limited capabilities for analysis and detection attacks. To protect Web resources from attacks at the application level, there are special tools - Web Application Firewall (WAF). This article presents an anomaly detection algorithm, and how it works in the open-source web application firewall ModSecurity, which uses machine learning methods with 8 suggested features to detect attacks on web applications. Tóm tắt—Hầu hết các ứng dụng được phát triển có xu hướng trở nên dễ tiếp cận nhất có thể đối với người dùng qua Internet. Các ứng dụng khác nhau thường lưu trữ dữ liệu trên không gian mạng để làm việc và giải trí hiệu quả hơn, chẳng hạn như Google Docs, email, lưu trữ đám mây, bản đồ, thời tiết, tin tức,... Các cuộc tấn công vào tài nguyên Web thường xảy ra nhất ở tầng ứng dụng, dưới dạng các yêu cầu HTTP/HTTPS đến trang web, nơi tường lửa truyền thống có khả năng hạn chế trong việc phân tích và phát hiện các cuộc tấn công. Để bảo vệ tài nguyên Web khỏi các cuộc tấn công ở tầng ứng dụng, xuất hiện các công cụ đặc biệt - Tường lửa Ứng dụng Web (WAF). Bài viết này trình bày thuật toán phát hiện bất thường và cách thức hoạt động của tường lửa ứng dụng web mã nguồn mở ModSecurity khi sử dụng phương pháp học máy với 8 đặc trưng được đề xuất để phát hiện các cuộc tấn công vào các ứng dụng web.

scholarly journals XSS Vulnerability Assessment Procedure and Mitigation for Web Application

2020 ◽  
Vol 8 (6) ◽  
pp. 5279-5281
Keyword(s):  
Vulnerability Assessment ◽  
Web Application ◽  
Web Applications ◽  
Assessment Procedure ◽  
User Comments ◽  
Web Vulnerabilities ◽  
Client Side

CSS is one of the foremost routine vulnerabilities that affect many web applications. XSS attacks are essentially malicious injections (client-side) that are added to an internet page or app through user comments, form submissions, and so on. The most danger behind XSS is that it allows attackers to inject content into the online app. The injected content can modify how it's displayed, forcing the browser to execute the attacker’s code. Web vulnerabilities are developed for scanning whole webpage of internet sites. Vulnerability Assessment is that the process of identifying vulnerabilities in your application’s environment. Vulnerability is defined as a weakness or flaw within the system that permits an attacker or insider to access the system during a way they’re not authorized.

scholarly journals An OWASP Top Ten Driven Survey on Web Application Protection Methods

2020 ◽  
Author(s):  
Ouissem Ben Fredj ◽  
omar cheikhrouhou ◽  
Moez Krichen ◽  
Habib Hamam ◽  
Abdelouahid Derhab
Keyword(s):  
Web Application ◽  
Data Exchange ◽  
Web Applications ◽  
Sensitive Data ◽  
Web Vulnerabilities ◽  
Broad Scale

Web applications (WAs) are constantly evolving and deployed at broad scale. However, they are exposed to a variety of attacks. The biggest challenge facing organizations is how to develop a WA that fulfills their requirements with respect to sensitive data exchange, E-commerce, and secure workflows. This paper identifies the most critical web vulnerabilities according to OWASP Top Ten, their corresponding attacks, and their countermeasures. The application of these countermeasures will guarantee the protection of the WAs against the most severe attacks and prevent several unknown exploits.

Applicability of Machine Learning Methods on Mobile App Effort Estimation: Validation and Performance Evaluation

2020 ◽  
Vol 30 (01) ◽  
pp. 23-41 ◽  
Author(s):  
Mamta Pandey ◽  
Ratnesh Litoriya ◽  
Prateek Pandey
Keyword(s):  
Machine Learning ◽  
Cost Estimation ◽  
Web Applications ◽  
Fuzzy Inference ◽  
Mobile Apps ◽  
Mobile App ◽  
Effort Estimation ◽  
Operational Environment ◽  
Software Cost ◽  
Absolute Residual

Software cost estimation is one of the most crucial tasks in a software development life cycle. Some well-proven methods and techniques have been developed for effort estimation in case of classical software. Mobile applications (apps) are different from conventional software by their nature, size and operational environment; therefore, the established estimation models for traditional desktop or web applications may not be suitable for mobile app development. The objective of this paper is to propose a framework for mobile app project estimation. The research methodology adopted in this work is based on selecting different features of mobile apps from the SAMOA dataset. These features are later used as input vectors to the selected machine learning (ML) techniques. The results of this research experiment are measured in mean absolute residual (MAR). The experimental outcomes are then followed by the proposition of a framework to recommend an ML algorithm as the best match for superior effort estimation of a project in question. This framework uses the Mamdani-type fuzzy inference method to address the ambiguities in the decision-making process. The outcome of this work will particularly help mobile app estimators, development professionals, and industry at large to determine the required efforts in the projects accurately.

scholarly journals Design and Development of Diabetes Management System Using Machine Learning

2020 ◽  
Vol 2020 ◽  
pp. 1-17
Author(s):  
Robert A. Sowah ◽  
Adelaide A. Bampoe-Addo ◽  
Stephen K. Armoo ◽  
Firibu K. Saalia ◽  
Francis Gatsi ◽  
...  
Keyword(s):  
Machine Learning ◽  
Management System ◽  
Web Applications ◽  
Diabetes Management ◽  
Classification Model ◽  
Management Problem ◽  
Food Recognition ◽  
Question And Answer ◽  
Cross Platform ◽  
User Friendly

This paper describes the design and implementation of a software system to improve the management of diabetes using a machine learning approach and to demonstrate and evaluate its effectiveness in controlling diabetes. The proposed approach for this management system handles the various factors that affect the health of people with diabetes by combining multiple artificial intelligence algorithms. The proposed framework factors the diabetes management problem into subgoals: building a Tensorflow neural network model for food classification; thus, it allows users to upload an image to determine if a meal is recommended for consumption; implementing K-Nearest Neighbour (KNN) algorithm to recommend meals; using cognitive sciences to build a diabetes question and answer chatbot; tracking user activity, user geolocation, and generating pdfs of logged blood sugar readings. The food recognition model was evaluated with cross-entropy metrics that support validation using Neural networks with a backpropagation algorithm. The model learned features of the images fed from local Ghanaian dishes with specific nutritional value and essence in managing diabetics and provided accurate image classification with given labels and corresponding accuracy. The model achieved specified goals by predicting with high accuracy, labels of new images. The food recognition and classification model achieved over 95% accuracy levels for specific calorie intakes. The performance of the meal recommender model and question and answer chatbot was tested with a designed cross-platform user-friendly interface using Cordova and Ionic Frameworks for software development for both mobile and web applications. The system recommended meals to meet the calorific needs of users successfully using KNN (with k=5) and answered questions asked in a human-like way. The implemented system would solve the problem of managing activity, dieting recommendations, and medication notification of diabetics.

scholarly journals Detecting Website Defacements Based on Machine Learning Techniques and Attack Signatures

Computers ◽  
2019 ◽  
Vol 8 (2) ◽  
pp. 35 ◽  
Author(s):  
Xuan Dau Hoang ◽  
Ngoc Tuong Nguyen
Keyword(s):  
Machine Learning ◽  
Web Applications ◽  
False Positive Rate ◽  
Training Data ◽  
Machine Learning Techniques ◽  
Web Pages ◽  
Government Organizations ◽  
Detection Model ◽  
Learning Techniques ◽  
Positive Rate

Defacement attacks have long been considered one of prime threats to websites and web applications of companies, enterprises, and government organizations. Defacement attacks can bring serious consequences to owners of websites, including immediate interruption of website operations and damage of the owner reputation, which may result in huge financial losses. Many solutions have been researched and deployed for monitoring and detection of website defacement attacks, such as those based on checksum comparison, diff comparison, DOM tree analysis, and complicated algorithms. However, some solutions only work on static websites and others demand extensive computing resources. This paper proposes a hybrid defacement detection model based on the combination of the machine learning-based detection and the signature-based detection. The machine learning-based detection first constructs a detection profile using training data of both normal and defaced web pages. Then, it uses the profile to classify monitored web pages into either normal or attacked. The machine learning-based component can effectively detect defacements for both static pages and dynamic pages. On the other hand, the signature-based detection is used to boost the model’s processing performance for common types of defacements. Extensive experiments show that our model produces an overall accuracy of more than 99.26% and a false positive rate of about 0.27%. Moreover, our model is suitable for implementation of a real-time website defacement monitoring system because it does not demand extensive computing resources.

Web Client and Web Server approaches to Prevent XSS Attacks

2005 ◽  
Vol 4 (2) ◽  
pp. 345-352 ◽  
Author(s):  
Jyoti Snehi ◽  
Dr. Renu Dhir
Keyword(s):  
Web Applications ◽  
Web Server ◽  
Background Process ◽  
Web Vulnerabilities ◽  
Cross Site

Websites rely completely on complex web applications to deliver content to all users according to set preferences and specific needs. In this manner organizations provide better value to their customers and prospects. Dynamic websites suffer from various vulnerabilities rendering organizations helpless and prone to cross site scripting attacks. Cross Site Scripting attacks are difficult to detect because they are executed as a background process. Cross Site Scripting is the most common web vulnerabilities in existence today which is most exploited issue .In this paper we have presented various approaches used by clients and Server to prevent XSS attacks

Sign in / Sign up

Export Citation Format

Share Document