Code Injection attacks such as SQL Injection and Cross-Site Scripting (XSS) are among the major threats for today's web applications and systems. This paper proposes CODDLE, a deep learning-based intrusion detection systems against web-based code injection attacks. CODDLE's main novelty consists in adopting a Convolutional Deep Neural Network and in improving its effectiveness via a tailored pre-processing stage which encodes SQL/XSS-related symbols into type/value pairs. Numerical experiments performed on real-world datasets for both SQL and XSS attacks show that, with an identical training and with a same neural network shape, CODDLE's type/value encoding improves the detection rate from a baseline of about 75% up to 95% accuracy, 99% precision, and a 92% recall value.
Abaimov, S., & Bianchi, G. (2019). CODDLE: Code-Injection Detection with Deep Learning. IEEE ACCESS, 7, 128617-128627.
Tipologia: | Articolo su rivista |
Citazione: | Abaimov, S., & Bianchi, G. (2019). CODDLE: Code-Injection Detection with Deep Learning. IEEE ACCESS, 7, 128617-128627. |
Lingua: | English |
Settore Scientifico Disciplinare: | Settore ING-INF/03 |
Revisione (peer review): | Esperti anonimi |
Tipo: | Articolo |
Rilevanza: | Rilevanza internazionale |
Digital Object Identifier (DOI): | http://dx.doi.org/10.1109/ACCESS.2019.2939870 |
Stato di pubblicazione: | Pubblicato |
Data di pubblicazione: | 2019 |
Titolo: | CODDLE: Code-Injection Detection with Deep Learning |
Autori: | |
Autori: | Abaimov, S; Bianchi, G |
Appare nelle tipologie: | 01 - Articolo su rivista |