Web Uygulamalarında Enjeksiyon Saldırılarının Tespiti

Yıl 2024, Cilt: 5 Sayı: 1, 1 - 11, 30.06.2024

Mehmet Serhan Erçin , Esra N. Yolaçan

https://doi.org/10.53608/estudambilisim.1402251

Öz

Enjeksiyon üst başlığında toplayabileceğimiz saldırılar, yıkıcı etkilerinden ve kolay uygulanabilirliklerinden dolayı saldırganlar tarafından daha çok tercih edilmekte, rastlanma sıklıkları her geçen gün artmaktadır. Günümüzde, web uygulamaları ve bağlantılı çerçeve yapıları, sıklıkla kullandığımız ve hayatımıza pek çok noktada dokunan, büyük hizmetlerdir. Bu yüzden siber saldırganların ilgisini sürekli canlı tutmakta ve yeni yöntemler keşfetmeye motive etmektedir. Sızma tespiti ve önlenmesi üzerine literatürde pek çok çalışma bulunmaktadır. Genel başlıklarda değerlendirilen bu çözümlerin, değişen ve gelişen uygulamalardan dolayı, alt başlıklarda ve ayrıntılı değerlendirilmesi ve buna uygun yeni çözümlerin bulunması gerekmektedir. Enjeksiyon tipi saldırılarda, girdilerin içerisindeki hedef sistem rezerve kelimeleri hariç tutulursa, kullanılan diğer harf ve rakamsal kombinasyonların sayısı sınırsızdır. Bu nedenle imza tabanlı sistemler yerine makine öğrenmesi yöntemlerinin genelleştirme performansı enjeksiyonların tespitinde önemli avantajlar sağlayacaktır. Bu çalışmada özellikle web enjeksiyon saldırılarına ilişkin saldırının doğru tespit edilmesinin yanı sıra, zamansal performans ve çıktıların sınıflandırılması da esas alınmaktadır. Rassal Orman ve Karar Ağacı sınıflandırıcılarında %94,54 ve %94,61 isabet oranları elde edilmiş, 15 ve 12 sn. öğrenme süreleri performansı ölçülmüştür.

Anahtar Kelimeler

Enjeksiyon, Makine Öğrenmesi, SQLi, XSS, CMDi, CVE

Detection of Injection Attacks in Web Applications

Öz

The attacks that we can bring together on Injection subject whose frequency of occurence is increasing day by day are more preferable for attackers due to their destructive effects and easy applicability. Today, web applications and linked framework structures are great services that we use frequently and that touch our lives at many points. Therefore, it keeps the interest of cyber attackers alive and motivates them to discover new methods. Due to the changing and developing services and applications via emerging technologies that general topics often needs reconsidering as sub topics and new solutions should be found accordingly. Generalization is an intense need in injection type attacks unlike some other intrusion methods. Hereby, the generalization ability of machine learning methods despite signature-based systems will provide significant advantages in the detection of injections. Therefore, machine learning methods which have much more ability of making generalization rather than signature-based systems will provide significant advantages in the detection of injections. This study is focused on input-driven web attacks, differentiating benign and malicious traffic, time performance on processes and accurate classification of outputs. With Random Forest and Decision Tree classifiers, 94.54% and 94.61% hit rates were obtained, and 15 and 12 sec. learning time performance was measured.

Anahtar Kelimeler

Injection, Machine Learning, SQLi, XSS, CMDi, CVE

Kaynakça

• Mitre, CAPEC. 2023. CAPEC VIEW: Domains of Attack. capec.mitre.org/data/definitions/3000.html (Erişim Tarihi: 04.12.2023) [2] Mitre, CWE. 2021. CWE Top 25 Most Dangerous Software Weaknesses cwe.mitre.org/top25/archive /2021/2021_cwe_top25.html (Erişim Tarihi: 04.12.2023)
• [3] OWASP. 2021. OWASP Top Ten. owasp.org/www-project-top-ten/# (Erişim Tarihi: 04.12.2023)
• [4] OWASP. 2021. A03:2021 – Injection owasp.org/Top10/A03_2021-Injection/ (Erişim Tarihi: 04.12.2023)
• [5] OWASP. 2021. Injection Flaws owasp.org/www-community/Injection_Flaws (Erişim Tarihi: 04.12.2023)
• [6] Milzarek, R. 2020. Injection Attacks Types and How to Best Protect Your Web Apps crashtest-security.com/what-are-the-different-types-of-injection-attacks/ (Erişim Tarihi: 04.12.2023)
• [7] GitHub. 2023. Payloads All The Things github.com/swisskyrepo/PayloadsAllTheThings (Erişim Tarihi: 04.12.2023)
• [8] OWASP. 2023. Attacks. owasp.org/www-community/attacks/ (Erişim Tarihi: 04.12.2023)
• [9] The Web Application Security Consortium. 2010. Tehdit Sınıflandırması 2.0, WASC-20: Improper Input Handling. projects.webappsec.org/w/page/13246933/Improper%20Input%20Handling (Erişim Tarihi: 04.12.2023)
• [10] Ray, D., Ligatti, J. 2012.Defining code-injection attacks. Acm Sigplan Notices, 47(1), 179-190.
• [11] Asif, M., Chirchi, E. M. 2021. Implementation of ML Algorithm’s for Cyber Security.
• [12] Valenza, A., Demetrio, L., Costa, G., Lagorio, G. 2020. WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs. SoftwareX, 11, 100367.
• [13] Inamdar, D. M., Gupta, S. 2020. A Survey on Web Application Security.International Journal of Scientific Research in Computer Science, Engineering and Information Technology, (6), 223-228.
• [14] Fox, K., Henning, R., Reed, J., Simonian R. 1990. A neural network approach towards intrusion detection. Proceeding of 13th National Computer Security Conference, Baltimore, MD, pp. 125–134, 1990.
• [15] Abaimov, S., Bianchi, G. 2021. A survey on the application of deep learning for code injection detection. Array, 11, 100077.
• [16] Acunetix. 2021. Web Uygulama Zafiyet Raporu. https://www.acunetix.com/white-papers/acunetix-web-application-vulnerability-report-2021/ (Erişim Tarihi: 04.12.2023)
• [17] Abaimov, S., Bianchi, G. 2019. CODDLE: Code-injection detection with deep learning. IEEE Access, 7, 128617-128627.
• [18] Kavitha, M. N., Vennila, V., Padmapriya, G., Kannan, A. R. 2021. Prevention of SQL injection attack using unsupervised machine learning approach. vol, 12, 12.
• [19] Hoang, X. D. 2021. Detecting common web attacks based on machine learning using web log. In Advances in Engineering Research and Application: Proceedings of the International Conference on Engineering Research and Applications, ICERA 2020 (pp. 311-318). Springer International Publishing.
• [20] Pan, Y., Sun, F., Teng, Z., White, J., Schmidt, D. C., Staples, J., Krause, L. 2019. Detecting web attacks with end-to-end deep learning. Journal of Internet Services and Applications, 10(1), 1-22.
• [21] Tang, R., Yang, Z., Li, Z., Meng, W., Wang, H., Li, Q., Liu, Y. 2020, July. Zerowall: Detecting zero-day web attacks through encoder-decoder recurrent neural networks. In IEEE INFOCOM 2020-IEEE Conference on Computer Communications (pp. 2479-2488). IEEE.
• [22] Gniewkowski, M., Maciejewski, H., Surmacz, T. R., Walentynowicz, W. 2021. HTTP2vec: Embedding of HTTP requests for detection of anomalous traffic. arXiv preprint arXiv:2108.01763.
• [23] Alma, T., Das, M. L. 2020. Web Application Attack Detection using Deep Learning. arXiv preprint arXiv:2011.03181.
• [24] George, T. K., Jacob, K. P., James, R. K. 2018. Token based detection and neural network based reconstruction framework against code injection vulnerabilities. Journal of Information Security and Applications, 41, 75-91.
• [25] Betarte, G., Giménez, E., Martínez, R., Pardo, Á. 2018. Machine learning-assisted virtual patching of web applications. arXiv preprint arXiv:1803.05529.
• [26] Venkatramulu, S., Guru, R. 2017. RPAD: Rule based pattern discovery for input type validation vulnerabilities detection & prevention of HTTP requests. International Journal of Applied Engineering Research, 12(24), 14033-14039.
• [27] Ibarra-Fiallos, S., Higuera, J. B., Intriago-Pazmiño, M., Higuera, J. R. B., Montalvo, J. A. S., Cubo, J. 2021. Effective filter for common injection attacks in online web applications. IEEE Access, 9, 10378-10391.
• [28] Gogoi, B., Ahmed, T., Saikia, H. K. 2021. Detection of XSS attacks in web applications: A machine learning approach. International Journal of Innovative Research in Computer Science & Technology (IJIRCST) ISSN, 2347-5552.
• [29] Nagarjun, P. M. D., Shaik, S. A. 2020. Ensemble methods to detect XSS attacks. International Journal of Advanced Computer Science and Applications, 11(5).
• [30] Mereani, F. A., Howe, J. M. 2018, January. Detecting cross-site scripting attacks using machine learning. In International conference on advanced machine learning technologies and applications (pp. 200-210). Cham: Springer International Publishing.
• [31] Vishnu, B. A., Jevitha, K. P. 2014, October. Prediction of cross-site scripting attack using machine learning algorithms. In Proceedings of the 2014 International Conference on Interdisciplinary Advances in Applied Computing (pp. 1-5).
• [32] Hasan, M., Balbahaith, Z., Tarique, M. 2019, November. Detection of SQL injection attacks: a machine learning approach. In 2019 International Conference on Electrical and Computing Technologies and Applications (ICECTA) (pp. 1-6). IEEE.
• [33] Mishra, S. 2019. SQL injection detection using machine learning.
• [34] Ross, K. 2018. SQL injection detection using machine learning techniques and multiple data sources.
• [35] Uwagbole, S. O., Buchanan, W. J., Fan, L. 2017, May. Applied machine learning predictive analytics to SQL injection attack detection and prevention. In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (pp. 1087-1090). IEEE.
• [36] Sheykhkanloo, N. M. 2020. A learning-based neural network model for the detection and classification of SQL injection attacks. In Deep Learning and Neural Networks: Concepts, Methodologies, Tools, and Applications (pp. 450-475). IGI Global.
• [37] Kar, D., Panigrahi, S., Sundararajan, S. 2016. SQLiGoT: Detecting SQL injection attacks using graph of tokens and SVM. Computers & Security, 60, 206-225.
• [38] Cheng, Q., Wu, C., Zhou, H., Kong, D., Zhang, D., Xing, J., Ruan, W. 2021. Machine learning based malicious payload identification in software-defined networking. Journal of Network and Computer Applications, 192, 103186.
• [39] Taşdelen, İ. 2023. Payload Box – Attack Payloads github.com/payloadbox/ (Erişim Tarihi: 04.12.2023)