Detecting command injection attacks in web applications based on novel deep learning methods

Detecting command injection attacks in web applications based on novel deep learning methods

Abstract Web command injection attacks pose significant security threats to web applications, leading to potential server information leakage or severe server disruption. Traditional detection methods struggle with the increasing complexity and obfuscation of these attacks, resulting in poor identif...

Full description

Saved in:
Bibliographic Details
Main Authors: Xinyu Wang, Jiqiang Zhai, Hailu Yang
Format: Article
Language:English
Published: Nature Portfolio 2024-10-01
Series:Scientific Reports
Subjects:
Web command injection
Deep learning
Attack detection
Online Access:https://doi.org/10.1038/s41598-024-74350-3
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Abstract Web command injection attacks pose significant security threats to web applications, leading to potential server information leakage or severe server disruption. Traditional detection methods struggle with the increasing complexity and obfuscation of these attacks, resulting in poor identification of malicious code, complicated feature extraction processes, and low detection efficiency. To address these challenges, a novel detection model, the Convolutional Channel-BiLSTM Attention (CCBA) model, is proposed, leveraging deep learning techniques to enhance the identification of web command injection attacks. The model utilizes dual CNN convolutional channels for comprehensive feature extraction and employs a BiLSTM network for bidirectional recognition of temporal features. An attention mechanism is also incorporated to assign weights to critical features, improving the model’s detection performance. Experimental results demonstrate that the CCBA model achieves 99.3% accuracy and 98.2% recall on a real-world dataset. To validate the robustness and generalization of the model, tests were conducted on two widely recognized public cybersecurity datasets, consistently achieving over 98% accuracy. Compared to existing methods, the proposed model offers a more effective solution for identifying web command injection attacks.
ISSN:2045-2322

Similar Items