Combining Word Embeddings with Fuzzy Logic to Protect Web Applications Fuzzy VADAS

Aurelio Somarriba Lucas, Cesar Garita Rodriguez

Producción científica: Capítulo del libro/informe/acta de congresoContribución a la conferenciarevisión exhaustiva

Resumen

In the early era of the Internet, webpages only contained static content, such as text and images. However, with the emergence of Web 2.0, a new set of dynamic web applications appeared, such as online banking, e-commerce, social networking, gaming, and others that revolutionized the industry. These new technologies have presented a new set of vulnerabilities that can be exploited by malicious users for multiple purposes, such as data exfiltration/modification/deletion, privilege escalation, malware installation, DDoS (Distributed Denial of Service) attacks, etc. In order to detect some of these web attacks, companies are relying in Web Application Firewalls. These Web Application Firewalls (WAFs) rely on complicated regular expressions (REGEX) that are created by experienced security researchers in order to detect malicious signatures found in tampered HTTP requests. The goal of this research is to provide an alternate way to detect these web attacks without relying on complicated regular expressions. VADAS (Valence Aware worD embedding for web Application Security) approach to detect web attacks is by using a set of revised vocabularies (word embeddings created using unsupervised algorithms) that are commonly found in web attack vectors. These embeddings will allow us to calculate a valence score for each word quantifying its positive/negative score by using cosine similarity. The output from VADAS system is connected to a fuzzy logic controller in order to achieve a final 'maliciousness' classification result (Fuzzy VADAS). Preliminary results show that the performance of Fuzzy VADAS is quite effective, obtaining an accuracy of over 98%. The proposed Fuzzy VADAS approach provides a new way of detecting web application attacks, relying on minimal interaction with security experts (refinement of dictionaries, removing good words, etc.). This is a great advantage in comparison to existing REGEX rule-based systems.

Idioma originalInglés
Título de la publicación alojadaProceeding of the 2023 IEEE 41st Central America and Panama Convention, CONCAPAN XLI 2023
EditorialInstitute of Electrical and Electronics Engineers Inc.
ISBN (versión digital)9798350380927
DOI
EstadoPublicada - 2023
Evento41st IEEE Central America and Panama Convention, CONCAPAN 2023 - Tegucigalpa, Honduras
Duración: 8 nov 202310 nov 2023

Serie de la publicación

NombreProceeding of the 2023 IEEE 41st Central America and Panama Convention, CONCAPAN XLI 2023

Conferencia

Conferencia41st IEEE Central America and Panama Convention, CONCAPAN 2023
País/TerritorioHonduras
CiudadTegucigalpa
Período8/11/2310/11/23

Huella

Profundice en los temas de investigación de 'Combining Word Embeddings with Fuzzy Logic to Protect Web Applications Fuzzy VADAS'. En conjunto forman una huella única.

Citar esto