Auto classification Web Attack and model to detect authorization bypass exploit

Giang Hoang Nguyen, Tai Anh Nguyen

CMC CyberSecurity

03 Dec

11:45 AM to 12:15 PM – SGT

Abstract:

Web attack is among the most costly cyber attack types, forcing companies spending an average of $2.4 million in defense. On average, more than 30000 websites are hacked every day. Specifically, web applications are lucrative targets for attackers because successful intrusions could grant them access to sensitive user information and unauthorized privileges to many different kind of services, including financial institutions accounts.

Machine learning has been a major contributing factor to cybersecurity in recent times. Classifications of malicious web code, phishing domains or netflow based anomaly detection are some of the applications of machine learning in the field. Studies have also identified certain techniques to detect and prevent several types of attacks against web applications such as Cross Site Scripting XSS. Autoencoders variants, Long Short Term Memory and Generative Adversarial Network are among the latest machine learning frameworks to achieve better results than traditional simple static analyses.

In this paper, we propose our findings in auto classification of Web Attacks by extracting features of different types and applying several machine learning algorithms to achieve best result. We also propose a model to detect authorization bypass exploit in a semi supervised learning as well as reinforcement learning framework. Web analytics experts update the model with latest firewall evasion techniques such as string concatenation in a remote command execution attack. The model plays an adversarial game with the firewall rules and keeps mutating payload to achieve bypass authorization.

The eventual results are as following: