Code Injection attacks such as SQL Injection and Cross-Site Scripting (XSS) are among the major threats for today's web applications and systems. This paper proposes CODDLE, a deep learning-based intrusion detection systems against web-based code injection attacks. CODDLE's main novelty consists in adopting a Convolutional Deep Neural Network and in improving its effectiveness via a tailored pre-processing stage which encodes SQL/XSS-related symbols into type/value pairs. Numerical experiments performed on real-world datasets for both SQL and XSS attacks show that, with an identical training and with a same neural network shape, CODDLE's type/value encoding improves the detection rate from a baseline of about 75% up to 95% accuracy, 99% precision, and a 92% recall value.
Abaimov, S., Bianchi, G. (2019). CODDLE: Code-Injection Detection with Deep Learning. IEEE ACCESS, 7, 128617-128627 [10.1109/ACCESS.2019.2939870].
CODDLE: Code-Injection Detection with Deep Learning
Bianchi G.
2019-01-01
Abstract
Code Injection attacks such as SQL Injection and Cross-Site Scripting (XSS) are among the major threats for today's web applications and systems. This paper proposes CODDLE, a deep learning-based intrusion detection systems against web-based code injection attacks. CODDLE's main novelty consists in adopting a Convolutional Deep Neural Network and in improving its effectiveness via a tailored pre-processing stage which encodes SQL/XSS-related symbols into type/value pairs. Numerical experiments performed on real-world datasets for both SQL and XSS attacks show that, with an identical training and with a same neural network shape, CODDLE's type/value encoding improves the detection rate from a baseline of about 75% up to 95% accuracy, 99% precision, and a 92% recall value.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.