Abstract
E-commerce, ticket booking, banking, and other web-based applications that deal with sensitive information, such as passwords, payment information, and financial information, are widespread. Some web developers may have different levels of understanding about securing an online application. The two vulnerabilities identified by the Open Web Application Security Project (OWASP) for its 2017 Top Ten List are SQL injection and Cross-site Scripting (XSS). Because of these two vulnerabilities, an attacker can take advantage of these flaws and launch harmful web-based actions. Many published articles concentrated on a binary classification for these attacks. This article developed a new approach for detecting SQL injection and XSS attacks using deep learning. SQL injection and XSS payloads datasets are combined into a single dataset. The word-embedding technique is utilized to convert the word’s text into a vector. Our model used BiLSTM to auto feature extraction, training, and testing the payloads dataset. BiLSTM classified the payloads into three classes: XSS, SQL injection attacks, and normal. The results showed great results in classifying payloads into three classes: XSS attacks, injection attacks, and non-malicious payloads. BiLSTM showed high performance reached 99.26% in terms of accuracy.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.