Abstract
Recently, web attacks in general and defacement attacks in particular to websites and web applications have been considered one of major security threats to many enterprises and organizations who provide web-based services. A defacement attack can result in a critical effect to the owner’s website, such as instant discontinuity of website operations and damage of the owner’s reputation, which in turn may lead to huge financial losses. A number of techniques, measures and tools for monitoring and detecting website defacements have been researched, developed and deployed in practice. However, some measures and techniques can only work with static web-pages while some others can work with dynamic web-pages, but they require extensive computing resources. The other issues of existing proposals are relatively low detection rate and high false alarm rate because many important elements of web-pages, such as embedded code and images are not processed. In order to address these issues, this paper proposes a combination model based on BiLSTM and EfficientNet for website defacement detection. The proposed model processes web-pages’ two important components, including the text content and page screenshot images. The combination model can work effectively with dynamic web-pages and it can produce high detection accuracy as well as low false alarm rate. Experimental results on a dataset of over 96,000 web-pages confirm that the proposed model outperforms existing models on most of measurements. The model’s overall accuracy, F1-score and false positive rate are 97.49%, 96.87% and 1.49%, respectively.
Highlights
Defacement attacks to websites and web applications are a type of web attacks that modify the content of web-pages and change their looks and feels [1][2]
In order to address these issues, this paper proposes a website defacement detection model using the combination of text content and image features of web-pages, which belongs to Group (C)
The proposed model with 3 options: (1) model based on EfficientNet using screenshot image features only, (2) model based on BiLSTM using text features only and (3) model based on the combination of BiLSTM and EfficientNet using text and screenshot image features
Summary
Defacement attacks to websites and web applications are a type of web attacks that modify the content of web-pages and change their looks and feels [1][2]. The major cause is critical security vulnerabilities exist in websites, web-portals and web applications, or their hosting servers, which allow hackers to carry out defacement attacks [1][2][4][5]. The defacement attack can immediately interrupt the normal operations of the website, damage the reputation of the owner and cause possible data losses. All of these problems may lead to big financial losses. Solutions to detect defacement attacks in Group (C) can be based on simple and complex techniques. In order to address these issues, this paper proposes a website defacement detection model using the combination of text content and image features of web-pages, which belongs to Group (C). The rest of this paper is organized as follows: Section II presents some closely related works; Section III describes the proposed combination detection model, and data preprocessing, model training and detection steps; Section IV shows experimental results and discussion; and Section V is the conclusion of the paper
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
