A Proposal of Algorithm for Web Applications Cyber Attack Detection

  • Rafał Kozik
  • Michał Choraś
  • Rafał Renk
  • Witold Hołubowicz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8838)


Injection attacks (e.g. XSS or SQL injection) rank first in world-wide lists (e.g. MITRE and OWASP). These types of attacks can be easily obfuscated, so it is difficult or even impossible to provide a reliable signature for firewalls that will detect such attacks. In this paper, we propose an innovative method for modelling the normal behaviour of web applications. The model is based on information obtained from HTTP requests generated by a client to a web server. We have evaluated our method on the CSIC 2010 HTTP Dataset, achieving satisfactory results.


Keywords: web attacks detection, web applications firewall, machine learning, data mining



Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Rafał Kozik (1, 2)
  • Michał Choraś (1, 2)
  • Rafał Renk (1, 3)
  • Witold Hołubowicz (2, 3)

  1. ITTI Ltd., Poznań, Poland
  2. Institute of Telecommunications, UT&LS Bydgoszcz, Poland
  3. Adam Mickiewicz University, UAM, Poznan, Poland
