Detecting Common Web Attacks Based on Machine Learning Using Web Log

Abstract

SQL injection (SQLi), Cross-site Scripting (XSS) attacks have long been considered major threats to web-based applications and their users. These types of web attacks can cause serious damage to web applications and web users, ranging from bypassing authentication systems, stealing information from databases and users, to even taking control of server systems. To cope with web attacks, many measures have been researched and applied to protect web applications and users. Among them, the detection of web attacks is a promising approach in the defensive layers for web applications. However, some measures can only detect a single type of web attacks, while others require frequent updates to the detection rule sets, or require extensive computational power because of using complex detection methods. This paper proposes a web attack detection model based on machine learning using web log. The detection model is built using the inexpensive decision tree algorithm and it does not require frequent update. Our experiments on a labelled dataset and real web logs show that the proposed model is capable of detecting several types of web attacks effectively with the overall detection accuracy rate of 98.56%.