Abstract
Web application firewalls (WAFs) and other Intrusion Detection Systems (IDS) techniques are employed to defend the network against web attacks. Even so, attacks may succeed since most WAFs demand extensive configuration expertise that depends on filters. Despite notable successes, deep information has been utilized in varied applications. Still, it’s crucial to have a reliable method for detecting the attack due to the attacker’s various ways of concealment of the URLs. Several methods were introduced for detecting the attacks in web applications; still, the accuracy of detection and the computation burden are challenging aspects. Hence, a web attack detection mechanism is introduced in this research using the deep learning framework using the URL request. The proposed method utilizes a three-fold attack detection strategy to detect the attack with minimal computation complexity. Initially, the profile is checked to determine the genuinity of a user, and then, the bot scanners are identified using the generalized adversarial network (GAN). Finally, the attack detection is employed using the transformer neural network, wherein the adjustable parameters are modified using the weighted mean of vectors (INFO) optimization technique. The performance of a proposed method is evaluated based on various assessment measures like Accuracy, Precision, Recall, F-Measure, TPR, FPR, FNR and TNR and acquired the values of 99.97%, 99.96%, 99.97%, 99.97%, 99.97%, 0.03%, 0.03%, and 99.97% respectively.
Similar content being viewed by others
Data Availability
Data sharing is not applicable to this article.
References
Inayat U, Zia MF, Mahmood S, Khalid HM, Benbouzid M (2022) Learning-based methods for cyber-attacks detection in IoT systems: a survey on methods, analysis, and future prospects. Electronics 11(9):1502
Tian Z, Luo C, Qiu J, Du X, Guizani M (2019) A distributed deep learning system for web attack detection on edge devices. IEEE Trans Industr Inf 16(3):1963–1971
Bozic J, Wotawa F (2020) Planning-based security testing of web applications with attack grammars. Software Qual J 28(1):307–334
Ramotsoela DT, Hancke GP, Abu-Mahfouz AM (2023) Practical Challenges of Attack Detection in Microgrids Using Machine Learning. J Sens Actuator Netw 12(1):7
Sadqi Y, Maleh Y (2022) A systematic review and taxonomy of web applications threats. Inf Secur J A Global Perspect 31(1):1–27
Chakir O, Rehaimi A, Sadqi Y, Krichen M, Gaba GS, Gurtov A (2023) An empirical assessment of ensemble methods and traditional machine learning techniques for web-based attack detection in industry 50. J King Saud Univ-Comput Inf Sci 35(3):103–19
Liu T, Qi Y, Shi L, Yan J (2019) Locate-then-detect: real-time web attack detection via attention-based deep neural networks. In: Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence. AAAI Press, Macao, China, pp 4725–4731
Mokbal FMM, Dan W, Imran A, Jiuchuan L, Akhtar F, Xiaoxi W (2019) MLPXSS: an integrated XSS-based attack detection scheme in web applications using multi-layer perceptron technique. IEEE Access 7:100567–100580
Wu Y, Wei D, Feng J (2020) Network attacks detection methods based on deep learning techniques: a survey. Secur Commun Netw 2020:1–7
Mahmoud MS, Hamdan MM, Baroudi UA (2019) Modeling and control of cyber-physical systems subject to cyber-attacks: A survey of recent advances and challenges. Neurocomputing 338:101–115
Cirillo S, Desiato D, Breve B (2019) CHRAVAT-chronology awareness visual analytic tool. In: 2019 23rd International Conference Information Visualisation (IV). IEEE, Paris, France, pp 255–260
Breve B, Caruccio L, Cirillo S, Desiato D, Deufemia V, Polese G (2020) Enhancing user awareness during internet browsing. In: Italian Conference on Cybersecurity. ICC, Ancona, Italy, pp 71–81
Cirillo S, Desiato D, Scalera M, Solimando G (2023) A visual privacy tool to help users in preserving social network data. In: Joint Proceedings of the Workshops, 9th International Symposium on End-User Development (IS-EUD 2023), Cagliari, Italy, June 6-8, 2023, vol 3408. CEUR, Cagliari, Italy
Ustebay S, Turgut Z, Aydin MA (2019) Cyber attack detection by using neural network approaches: shallow neural network, deep neural network and autoencoder. In: International Conference on Computer Networks, CN 2019, Kamień Śląski, Poland, June 25–27, 2019, Proceedings In book: Computer Networks, vol 26. Springer International Publishing, Kamień Śląski, Poland, pp 144–155
Pan Y, Sun F, Teng Z, White J, Schmidt DC, Staples J, Krause L (2019) Detecting web attacks with end-to-end deep learning. J Int Serv Appl 10(1):1–22
Wankhede S, Kshirsagar D (2018) DoS attack detection using machine learning and neural network. In: 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA). IEEE, Pune, India, pp 1–5
Alidoosti M, Nowroozi A, Nickabadi A (2020) Evaluating the web-application resiliency to business-layer DoS attacks. ETRI J 42(3):433–445
Ch R, Gadekallu TR, Abidi MH, Al-Ahmari A (2020) Computational system to classify cyber crime offenses using machine learning. Sustain 12(10):4087
Bout E, Loscri V, Gallais A (2021) How Machine Learning changes the nature of cyberattacks on IoT networks: A survey. IEEE Commun Surv Tutor 24(1):248–279
Shaukat K, Luo S, Varadharajan V, Hameed IA, Xu M (2020) A survey on machine learning techniques for cyber security in the last decade. IEEE Access 8:222310–222354
Asharf J, Moustafa N, Khurshid H, Debie E, Haider W, Wahab A (2020) A review of intrusion detection systems using machine and deep learning in Internet of things: Challenges, solutions and future directions. Electronics 9(7):1177
Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Futur Gener Comput Syst 82:761–768
Alaoui RL, Nfaoui EH (2022) Deep learning for vulnerability and attack detection on web applications: A systematic literature review. Fut Int 14(4):118
Shahid WB, Aslam B, Abbas H, Khalid SB, Afzal H (2022) An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling. J Netw Comput Appl 198:103270
Tekerek A (2021) A novel architecture for web-based attack detection using convolutional neural network. Comput Secur 100:102096
Seyyar YE, Yavuz AG, Ünver HM (2022) An attack detection framework based on BERT and deep learning. IEEE Access 10:68633–68644
Gong X, Lu J, Zhou Y, Qiu H, He R (2021) Model uncertainty based annotation error fixing for web attack detection. J Signal Process Syst 93:187–199
Luo C, Tan Z, Min G, Gan J, Shi W, Tian Z (2020) A novel web attack detection system for Internet of things via ensemble classification. IEEE Trans Industr Inf 17(8):5810–5818
CSIC web application attack detection dataset. https://www.kaggle.com/datasets/ispangler/csic-2010-web-application.attacks?select=csic_database.csv. Accessed August 2023
Sikder MNK, Nguyen MB, Elliott ED, Batarseh FA (2023) Deep H2O: Cyber attacks detection in water distribution systems using deep learning. J Water Process Eng 52:103568
Diaba SY, Anafo T, Tetteh LA, Oyibo MA, Alola AA, Shafie-Khah M, Elmusrati M (2023) SCADA securing system using deep learning to prevent cyber infiltration. Neural Netw 165:321–332
Ahmadianfar I, Heidari AA, Noshadian S, Chen H, Gandomi AH (2022) INFO: An efficient optimization algorithm based on weighted mean of vectors. Expert Syst Appl 195:116516
Funding
No funding is provided for the preparation of the manuscript.
Author information
Authors and Affiliations
Contributions
All authors read and approved the final manuscript.
Corresponding author
Ethics declarations
Conflict of Interest
Authors declare that they have no conflict of interest.
Ethical Approval
This article does not contain any studies with human participants or animals performed by any authors.
Consent to participate
All authors have agreed to participate in this submitted article.
Consent to Publish
All the authors involved in this manuscript give full consent for publication of this submitted article.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Deshpande, K.V., Singh, J. Weighted transformer neural network for web attack detection using request URL. Multimed Tools Appl 83, 43983–44007 (2024). https://doi.org/10.1007/s11042-023-17356-9
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-023-17356-9