Modelling HTTP Requests with Regular Expressions for Detection of Cyber Attacks Targeted at Web Applications

  • Rafał Kozik
  • Michał Choraś
  • Rafał Renk
  • Witold Hołubowicz
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 299)


In this paper we present our further research results concerning detection of cyber attacks targeted at the application layer. In particular we focus on detecting SQLIA (SQL Injection Attacks) and XSS (Cross Site Scripting). In our approach, we model normal traffic (HTTP requests) with the use of regular expressions. We report very good results achieved on the large benchmark CISC’10 database and compare them to other solutions.


Cyber security SQL injection XSS injection Machine Learning Regular Expressions 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Choraś, M., Kozik, R., Puchalski, D., Hołubowicz, W.: Correlation Approach for SQL Injection Attacks Detection. In: Herrero, Á., Snášel, V., Abraham, A., Zelinka, I., Baruque, B., Quintián, H., Calvo, J.L., Sedano, J., Corchado, E., et al. (eds.) Int. Joint Conf. CISIS’12-ICEUTE’12-SOCO’12. AISC, vol. 189, pp. 177–185. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Choraś, M., Kozik, R.: Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection. In: Snasel, V., et al. (eds.) Soft Computing in Industrial Applications. AISC, vol. 223, pp. 257–264. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  3. 3.
    Choraś, M., Kozik, R.: Evaluation of Various Techniques for SQL Injection Attack Detection. In: Burduk, R., Jackowski, K., Kurzynski, M., Wozniak, M., Zolnierek, A., et al. (eds.) CORES 2013. AISC, vol. 226, pp. 751–760. Springer, Heidelberg (2013)Google Scholar
  4. 4.
    Kozik, R., Choraś, M.: Machine Learning Techniques for Cyber Attacks Detection. In: Choras, R.S. (ed.) Image Processing and Communications Challenges 5. AISC, vol. 233, pp. 385–392. Springer, Heidelberg (2014)Google Scholar
  5. 5.
    Needleman Saul, B., Wunsch Christian, D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. Journal of Molecular Biology 48 (1970)Google Scholar
  6. 6.
    Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp. 201–208 (2002)Google Scholar
  7. 7.
    Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrović, S., Franke, K.: Application of the Generic Feature Selection Measure in Detection of Web Attacks. In: Herrero, Á., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 25–32. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Felzenszwalb, P.F., Huttenlocher, D.P.: Efficient Graph-Based Image Segmentation. International Journal of Computer Vision 59(2) (September 2004)Google Scholar
  9. 9.
    Herrero, A., Navarro, M., Corchado, E., Julián, V.: RT-MOVICAB-IDS: Addressing real-time intrusion detection. Future Generation Comp. Syst. 29(1), 250–261 (2013)CrossRefGoogle Scholar
  10. 10.
    SNORT. Project homepage,
  11. 11.
    SCALP. Project homepage,
  12. 12.
    PHPIDS. Project homepage,
  13. 13.
    CSIC 2010 Dataset. Project homepage,

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Rafał Kozik
    • 1
    • 2
  • Michał Choraś
    • 1
    • 2
  • Rafał Renk
    • 1
    • 3
  • Witold Hołubowicz
    • 2
    • 3
  1. 1.ITTI Ltd.PoznańPoland
  2. 2.Institute of TelecommunicationsUT&LSBydgoszczPoland
  3. 3.Adam Mickiewicz University, UAMPoznanPoland

Personalised recommendations