
Cyber Security Issues: Web Attack Investigation

Sabrina Tarannum, Syed Md. Minhaz Hossain*, Taufique Sayeed

Department of Computer Science and Engineering, Premier University, Chattogram-4000, Bangladesh



Abstract
Remote work is likely to be the biggest cyber security challenge of recent days, and it will remain common because of the numerous COVID-19 requirements. After businesses encouraged remote work owing to pandemic concerns, malicious actors now have an easier time finding insecure or incorrectly configured systems that connect to the internet. Web attacks are actions taken against websites and web-based applications with the intent to steal sensitive data, interrupt web service systems, or seize the targeted web systems. They are an increasingly significant subject in digital forensics and information security. It has been noted that intruders are gaining the capacity to get around safety measures and initiate several complex attacks. Despite several attempts to handle these attacks using a variety of technologies, one of the biggest obstacles is effectively responding to new and unidentified threats. The objective of this paper is to review the research on web attacks, focusing primarily on attack detection methods in various areas of study. The goal is to explore web attack investigation and identification methods across different areas such as vulnerabilities, prevention, detection technologies and protection. This paper also examines several related research problems and potential future paths for web attack detection that could aid in more precise research development.

Keywords: Web attacks, Security, Vulnerabilities, Prevention, Intrusion detection, Machine learning techniques.

1. Introduction
Security issues and cyber attacks have risen at an exponential rate in recent years due to the ever-increasing demand for digitization. Today, many online sites and apps rely on web services to communicate information with one another easily. Web services give companies and people a way to reuse functionality across services by providing a mechanism to send different types of data across the network. Since many scenarios are controlled by user input, there is a dynamic interaction between the user and the online service, and this dynamic nature frequently raises concerns. Millions of Internet users use a variety of applications on a regular basis, including e-government, e-commerce, social networking sites, blogs, content management systems, and web email, among many others, and web applications are crucial to all of them. According to reports, 92% of web-based applications have weak points, 75% of information security attacks target web apps, 70% of web-based attacks are successful, and web apps can encounter up to 27 attacks every minute [2]. Stealing private and personal information is the primary motivation behind these attacks. Attacks take place as a result of vulnerabilities in the database server, security measures, and web server. Unauthorized users can also gain administrative access rights to the web application or the server due to poor development and configuration of the web application. Additionally, the design of the Hypertext Transfer Protocol (HTTP) matters if it cannot keep up with the intricate structure of online applications. The contributions of this paper are summarized as follows.

• We provide a review and concise discussion of a variety of machine learning systems used in intrusion detection, and summarize web attack identification based on different machine learning and deep learning techniques.
• We then summarize the various types of attacks covered in our study according to their focus area, such as web security, vulnerability, attack prevention, detection and protection.
• Finally, we briefly review some related research issues and future directions for web attack detection that might help both academics and business professionals carry out more research and development in pertinent application areas.
2. Background
A web attack uses a website's weaknesses to gain access without authorization, grab private data, upload malicious content, or change the website's content. There are various indications that a website is affected, such as end users being unable to access the victim's website, properly entered URLs directing to incorrect websites (spoofing), unusually slow network performance, frequent server reboots, and abnormalities in the log files. In this section we give an overview of attack indications, attack types and the methods used for detecting those attacks.

2.1 Web Attacks & Security Risks

The major types of web attacks are injection attacks, DNS spoofing, session hijacking, phishing, brute force, denial of service, dictionary attacks, URL interpretation, file inclusion attacks, and man-in-the-middle attacks. Other well-known security incidents in the realm of cyber security include privilege escalation, password attacks, insider threats, advanced persistent threats, cryptojacking attacks, various web application attacks, etc. A data breach, often known as a data leak, is a type of security incident that involves unauthorized data access by a person, application, or service [31].

2.2 Web Security Resistance Strategies

There are various methods for detecting web attacks. Among them, host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS) are quite familiar. While a NIDS examines and keeps track of network connections for suspicious activity, a HIDS monitors critical files on a single system. Based on the detection approach, Application Intrusion Detection Systems (AIDS) can be broadly divided into two categories, signature-based and anomaly-based detection systems, as shown in Table 1.

Table 1: Categories of Application Intrusion Detection Systems (AIDs)

| Category | Characterization | Advantages | Disadvantages |
|---|---|---|---|
| Signature-based detection | Can detect known model of attacks. Attacks are identified via feature matching | A low rate of false alarms and rapid detection | Cannot locate the attack if the signature database does not already contain the predetermined attack. |
| Anomaly-based detection | Based on unusual behavior of the system | Can detect unknown attacks | High number of fake alarm and low accuracy. |

Besides these, a hybrid intrusion detection system uses both anomaly-based and signature-based detection methods. In a hybrid detection system, signature-based detection is used to identify attacks that follow a known pattern, and anomaly-based detection is used to identify brand-new attacks. The basic terms related to web attacks are described in Table 2.

Table 2: A summary of key terms and areas related to web attacks

| Key Terms | Description |
|---|---|
| Web attacks | An action that undermines the security, integrity, confidentiality, or availability of information is referred to as a web attack. It may also cause harm to the networks that provide the information. |
| Intrusion | An activity that is used for compromising the data security of a system. |
| Web Anomaly | Web anomalies are outliers, noise, deviations, and exceptions. |
| Data Breach | The deliberate or accidental disclosure of secure data to a hostile environment is referred to as a data leak or spill. |
| Machine Learning | A key part of artificial intelligence (AI), which is concerned with the study of methods to complete a given task without using explicit instructions. |
| Deep Learning | An important component of machine learning within AI that creates security models, often using artificial neural networks with multiple data processing layers. |
| Detection Models | Models use features as inputs and apply machine learning algorithms to get a predetermined result for wise decision-making. |
| WAF | Web Application Firewalls. This firewall solution frequently monitors and filters data packets for the presence of malware or viruses. |
| ModSecurity | Embeddable firewall. With no modifications to the current infrastructure, it shields web applications from a range of attacks and permits HTTP traffic monitoring and real-time analysis. |
| Snort | A system for detecting and preventing intrusions. To detect potentially malicious activity, Snort employs a rule-based language that blends anomaly, protocol, and signature inspection approaches. |

2.3 Machine Learning Task in Web Attack

Data science, deep learning, and computational statistics are all subfields of machine learning (ML), which is frequently referred to as a branch of "Artificial Intelligence." The main goal is to teach computers how to learn from data. Machine learning models frequently consist of a collection of rules, procedures, or sophisticated "transfer functions" used to find interesting data patterns or to detect or forecast behavior. These capabilities could be crucial in the field of web security. The following describes the use of machine learning for identifying various types of web attacks.

A WAF does not offer enough protection from zero-day attacks. Applebaum et al. researched and demonstrated the effectiveness of machine-learning-based WAFs, which can be used in addition to or as a replacement for signature-based approaches. The tested system had a 98.8% accuracy rate [11]. To increase attack detection and lower the false alarm rate, Hussein et al. applied machine learning algorithms such as Naïve Bayes, K-means, and Bayes Net [15]. Betarte et al. demonstrated how machine learning methods might enhance ModSecurity's recognition capacity by decreasing false positives and increasing true positives [19]. The authors in [17] provide research on how machine learning approaches can be used to handle this difficulty and analyze the abnormal behavior connected to phishing web attacks. For more effective and precise web attack detection, Ren et al. used a hidden Markov model and a bag-of-words (BOW) technique. They demonstrated that bag of words has a higher recognition rate, a lower number of false alarms, and is less expensive [24].

2.4 Methods for Identifying Web Attacks

This section presents some research on approaches for monitoring common attacks on websites and web applications. The studies analyzed are grouped as follows: (i) detection using rules, patterns, or signatures, (ii) detection based on anomalies, and (iii) hybrid intrusion detection systems.

2.4.1 Detection Based on Signatures

Díaz-Verdejo et al. proposed a method to reduce false positives in various signature-based intrusion detection systems (SIDS). They also showed that the accuracy or detection rate can be improved by a joint decision using several SIDS [14].

2.4.2 Detection Based on Anomaly

Riera et al. presented a systematic review to determine the present state of web anomaly detection technology. Their work shows how anomaly detection methods can be used to stop and identify internet attacks [13].

2.4.3 Hybrid Detection System

The majority of intrusion detection techniques for web attacks are signature-based. However, these approaches may fail to detect unknown threats due to missing attributes or poor profiling. Hussein et al. presented a system that blends both signature- and anomaly-based intrusion detection techniques in order to decrease the warnings received and find novel attacks [15]. First, the author used Snort to analyze the dataset. In the next step, the Naïve Bayes, K-means and Bayes Net algorithms were applied to recognize anomaly-based attacks.
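
The two-stage idea behind Table 1 and the hybrid scheme above, as an added example that is not code from the paper or from Hussein et al.: a signature stage runs first, and an anomaly stage then scores whatever the signatures did not match. The signature patterns, the two features, the threshold of 3.0 and all query strings are constructed assumptions, and a simple z-score profile stands in for the Snort plus Naïve Bayes, K-means and Bayes Net pipeline of [15].

```python
import re
import statistics
from urllib.parse import unquote_plus

# Constructed signature set (illustrative patterns, not Snort or ModSecurity rules).
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.IGNORECASE),
    "xss-script-tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed query strings standing in for known-good traffic.
BASELINE_QUERIES = [
    "q=laptop&page=2",
    "id=42",
    "user=alice&lang=en",
    "q=red+shoes&sort=price",
    "id=7&view=full",
    "q=usb+cable&page=1",
]

# Constructed request that no signature above describes.
UNKNOWN_QUERY = "id=" + "%7C%7C%28%29%3B" * 4


def features(query):
    """Return (length, share of non-alphanumeric characters) of the decoded query."""
    decoded = unquote_plus(query)
    symbols = sum(1 for ch in decoded if not ch.isalnum())
    return (len(decoded), symbols / max(len(decoded), 1))


def signature_match(query):
    """Signature stage: name of the first matching rule, or None."""
    decoded = unquote_plus(query)
    for name, pattern in SIGNATURES.items():
        if pattern.search(decoded):
            return name
    return None


def train_profile(queries):
    """Anomaly stage, training: per-feature mean and standard deviation of normal traffic."""
    columns = list(zip(*(features(q) for q in queries)))
    return [(statistics.mean(c), statistics.pstdev(c) or 1e-9) for c in columns]


def anomaly_score(query, profile):
    """Largest absolute z-score of any feature against the normal profile."""
    return max(abs(v - mean) / std for v, (mean, std) in zip(features(query), profile))


def classify(query, profile, threshold=3.0):
    """Hybrid decision: known pattern first, deviation from the profile second."""
    name = signature_match(query)
    if name:
        return ("signature", name)
    if anomaly_score(query, profile) > threshold:
        return ("anomaly", None)
    return ("normal", None)


PROFILE = train_profile(BASELINE_QUERIES)

if __name__ == "__main__":
    samples = [
        "q=wireless+mouse&page=3",
        "id=1%27+OR+1%3D1",
        "comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
        UNKNOWN_QUERY,
    ]
    for query in samples:
        print(f"{query[:45]:<45} {classify(query, PROFILE)}")
```

The last sample is the case Table 1 describes: the signature stage returns nothing for it, and only the anomaly stage raises an alert.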
2.4.4 Detecting Web Attacks with Deep Learning

Deep learning is a branch of machine learning, a computational model that takes cues from the biological neural networks in the human brain. Yao Pan et al. proposed a system that evaluates the viability of both a semi-supervised and an unsupervised strategy for web attack detection, using a deep learning method. They conclude that, with limited domain expertise and labeled training data, the proposed method may effectively and precisely identify threats such as SQL injection, denial of service and cross-site scripting [27].
A summary of the state of the art in detecting web attacks is shown in Table 3.

Table 3: Summary of review findings

| Ref | Types of Attack | Summary of the Paper | Area of Focus |
|---|---|---|---|
| [1] | Cyber Attacks | Specific web browser forensics methods and suggested workable investigative tools. | Vulnerability detection |
| [2] | Web attacks | Guideline for identifying web attacks | Attack Prevention |
| [3] | Denial-Of-Service, various injection attacks, spoofing | Dynamic analysis was mostly used to provide solutions, with static analysis coming in second. | Attack Prevention |
| [4] | Web Application Attacks | Web application security, with the goal of systematizing the available solutions into a broad picture that encourages further study. | Web security, Protection |
| [5] | Web Attacks | Technologies, procedures, and tactics for intrusion detection look into new attack kinds, defenses, and contemporary academic research. | Attack Detection |
| [6] | Web Attacks | With a particular emphasis on data accessibility, cyber security and cyber risk management. | Attack Detection & Prevention |
| [7] | Injection Attacks | Contribute to the community by creating a strategy for preventing common injection attacks on web apps. | Attack Protection |
| [8] | Zero-day Attacks | Machine learning-based hybrid approaches to successfully learn and identify intrusions have been presented. | Attack Detection |
| [9] | Zero-day Attacks | Extends previous work by including individual request outlier explanations into an end-to-end pipeline. | Attack Detection |
| [10] | Web Attack | This paper examines several common online assault monitoring and detection tools and methods that have been created and used in practice. | Attack Detection |
| [11] | Web Application Attacks, Zero-day attacks | The research focuses on determining whether machine-learning-based WAFs are effective in thwarting the existing attack patterns that target web application frameworks. | Attack Protection |
| [12] | SQL injection attacks | Efficiency of Web application firewall Mod security is evaluated in the proposed literature. | Attack Prevention |
| [13] | Web Attacks | An analysis of the effectiveness of anomaly detection methods for preventing and identifying web attacks | Attack Detection & Prevention |
| [14] | Web Attacks | Signature based intrusion detection technique | Attack Detection |
| [15] | Web Attacks | To decrease acquired alerts and find new attacks, a methodology that combines both signature-based and anomaly-based techniques has been developed. | Attack Detection |
| [16] | Phishing attacks | Different tools & methods for identifying phishing attacks | Attack Detection |
| [17] | Phishing attacks | This study examines how machine learning techniques can be used to search for unusual activity associated with phishing online attacks as a possible solution to the issue. | Attack Detection |
| [18] | DoS Attacks | Developed a new method for filtering and detecting huge numbers of attack packets. This method includes novel data structures and algorithms. In order to be effective in real-time attack response, the suggested method focuses a strong emphasis on minimizing storage space and processing time. | Attack Detection |
| [19] | Web Attacks | Examine the advantages of machine learning techniques for evaluating WAF. | Attack Detection |
| [20] | Web Attacks | In this study, big data was used to detect web threats using machine learning techniques. | Attack Detection & Analysis |
| [22] | Network Attacks | Focuses on how the online and offline performance of Snort IDS is impacted by multithreading, standard rule set setups, and real-time data shipping. | Attack Detection System & Analysis |
| [23] | Web Attacks | In this research, a Web Gene Tree (WGT)-based MTD technique is proposed. | Vulnerability detection |
| [24] | Web Attacks | With the help of hidden Markov algorithms, this article effectively detects web attacks using a BOW model to extract features. | Web Attack Detection method |
| [25] | Web Forensic | To develop a new model, issues with the online forensics procedure's method, technique, application, and software that handles web activities have been looked into and analyzed. | Vulnerability detection |
| [26] | Zero-Wall | This study suggests Zero-Wall, an unsupervised method for effectively identifying zero-day Web threats that integrates with an on-the-go WAF. | Attack Detection |
| [27] | Web Attack | Three new findings are presented in this work that is related to the study of autonomous intrusion detection systems. | Vulnerability detection |
| [28] | Web Attack | The goal of this work is to implement the web attack recognition model utilizing the Core Rule Sets of Mod Security in order to provide the capabilities of Snort web attack detection. | Attack Detection |
| [29] | Brute Force Attack | The work investigates the deficiency of web attacks detection using ensemble learning and big data. | Vulnerability detection |
| [30] | Web Application Attacks | The aim of this paper is to look into the methods and tools used to stop attacks. In order to solve the flaws of current technology and provide more useful solutions, data mining and machine learning approaches are also researched. | Attack Detection & Prevention |
| [31] | Cyber Attack | In order to provide intelligent services in the field of cyber-security, specifically for intrusion detection, authors used a variety of well-known machine learning classification techniques, such as Bayesian Network (BN), Naive Bayes (NB), Random Forest (RF), Decision Tree (DT), Random Tree (RT), Decision Table (DTb), and Artificial Neural Network (ANN). | Intrusion Detection |

3. Research Issues and Future Directions


This study raises several research issues and challenges in the area of web attacks. In the following, we summarize these issues and challenges.

3.1 Hybrid Learning Scheme

Most intrusion detection techniques for web attack detection are signature-based. However, these approaches may fail to detect unknown threats due to missing attributes or poor profiling. Anomaly-based detection systems, by contrast, can detect unknown attacks, but their accuracy is not high enough. So a hybrid technology combining signature- and anomaly-based intrusion detection systems, or a combination of machine learning and deep learning algorithms, can be useful to extract the abnormality from the problem domain, which can solve the limitations of a specific detection system.

3.2 Generalized Strategy for Web Attacks Detection

Another issue with detection techniques is how to manage a high volume of incoming traffic when each packet needs to be checked against every signature in the database. As a result, processing all of the traffic takes a long time and reduces system throughput. Sometimes techniques are so specific that their knowledge depends on a particular operating system, version, and application. So a generalized technique is needed that is not tied to specific environments.

3.3 Analysis in Intrusion Detection Solutions


In order to provide data-driven judgments, security models based on machine learning frequently require a lot of static
data. Systems for detecting anomalies rely on building such a model while taking into account both regular behavior
and anomalies according to their patterns. A vast and dynamic security system's usual behavior, however, is not well
understood and may alter over time, which may be seen as a gradual increase in the dataset. In numerous situations,
the patterns in incremental datasets may shift. This frequently leads to a significant number of false positive alarms.
In order to forecast unknown assaults, a recent regressive behavioral trend is more likely to be interesting and pertinent
than one from the past. Therefore, effectively using the model in intrusion detection solutions could be another issue.

3.4 Proposed Technique to Solve Attack

There are various techniques used to solve the attacks, as shown in Fig. 1.

Dynamic Investigation: Dynamic analysis refers to recognizing the output with respect to a predefined input at runtime.
Static Investigation: Static analysis deals with the program itself. In order to check for vulnerabilities, differences in the program are found.

Model Based: Different types of models are used, such as a hybrid model [33, 34], to detect attacks, or a model for feature selection so that unknown or new attacks are easily detected.

[Figure 1: (a) chart of the techniques used (Dynamic Analysis, Static Analysis, Model Base, Secure Program, Others); (b) chart of journal and conference publication counts per year, 2016 to 2022.]

Fig.1: (a) Lists of techniques used to solve attacks (b) Publication year vs. publication count.

Secure Programming: Different kinds of coding, such as data mining and machine learning, are used to test the proposed model for detecting attacks.

Others: Different types of tools such as Snort, ModSecurity and firewalls are used for the detection and prevention of web service attacks.
One of the key ideas in cyber security is the classification or prediction of attacks. The important modules are those in charge of developing a prediction model to categorize threats or attacks and to predict the future for a specific security risk. Future work may include the development of a data-driven security model for a specific security challenge based on the idea of web attacks, as well as proper empirical evaluation to assess the model's efficacy and efficiency and evaluate its usability in the real-world application area.

3.5 Experiment Benchmarks


The following machine learning algorithms are used as a workbench for measuring accuracy in detecting intrusions:

• Logistic Regression: This statistical model is frequently used for classification and predictive analytics. Based on a collection of independent variables, logistic regression calculates the likelihood of an event occurring, such as voting or not voting.
• K-Nearest Neighbors: The k-nearest neighbor algorithm, often known as KNN, is a non-parametric, supervised learning classifier that employs proximity to classify or predict the grouping of a single data point. While it may be used for either regression or classification problems, it is most commonly used as a classification technique, based on the idea that comparable points can be found near one another.
• Naïve Bayes: Bayes' theorem calculates the likelihood of an event occurring given the chance of another event occurring. The following equation expresses Bayes' theorem mathematically:

$$P(A \mid B) = \frac{P(B \mid A)\,P(A)}{P(B)}$$
• Support Vector Machines: SVM locates a hyperplane that defines a boundary between data classes. In two dimensions, this hyperplane is nothing more than a line. Each data item in the dataset is plotted in an N-dimensional space, where N is the number of features/attributes in the data, and the best hyperplane to split the data is then found. To apply SVM to multi-class situations, we can develop a binary classifier for each data class.
• Decision Trees: The most powerful and widely used tool for classification and prediction is the decision tree. A decision tree is a tree structure that looks like a flowchart, with each internal node representing a test on an attribute, each branch representing a test outcome, and each leaf node (terminal node) holding a class label.
• Random Forest: The "forest" it creates is an ensemble of decision trees, which are often trained using the "bagging" approach. The bagging approach is based on the premise that combining learning models improves the final output. Random forest has the significant benefit of being applicable to both classification and regression problems, which comprise the majority of contemporary machine learning systems. It also resists overfitting, which is common in decision trees.

3.6 Experiment Results

The NSL-KDD dataset [32] is used for testing intrusion detection systems. The dataset provides normal and anomalous requests, including various types of attacks. The features in this dataset are used to characterize correct and erroneous system operation. Machine learning methods employ these properties to create models that categorize the accuracy of the system's execution state. Table 4 and Fig. 2 show the machine-learned models with different algorithms used to forecast an undetected trace that reflects a genuine system execution.

Table 4: Comparison of different machine learning models for intrusion detection

| Model | Accuracy (%) | Precision (%) | Recall (%) |
|---|---|---|---|
| Logistic Regression | 87.624 | 83.568 | 91.608 |
| K Neighbors Classifier | 98.936 | 99.056 | 98.670 |
| Gaussian NB | 91.605 | 92.532 | 89.296 |
| Support Vector Machines | 97.289 | 97.547 | 96.646 |
| Decision Tree | 99.869 | 99.847 | 99.872 |
| Random Forest | 99.876 | 99.932 | 99.805 |
| PCA | 99.821 | 99.898 | 99.721 |

Fig. 2: Performance evaluation of different machine learning algorithms for intrusion detection system.
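
Added example, not the authors' experiment code: a Gaussian Naïve Bayes classifier built directly on Bayes' theorem from Section 3.5 and scored with the accuracy, precision and recall measures reported in Table 4. The records are constructed and tiny; only the field names are borrowed from NSL-KDD columns, so the resulting figures say nothing about the paper's results.

```python
import math

# Field names follow NSL-KDD columns; every value below is constructed.
FIELDS = ("duration", "src_bytes", "num_failed_logins")

TRAIN = [
    ((2, 300, 0), "normal"), ((3, 250, 0), "normal"),
    ((1, 400, 0), "normal"), ((4, 350, 1), "normal"),
    ((0, 20, 3), "anomaly"), ((1, 10, 5), "anomaly"),
    ((0, 30, 4), "anomaly"), ((1, 40, 4), "anomaly"),
]

TEST = [
    ((2, 320, 0), "normal"),
    ((0, 25, 4), "anomaly"),
    ((3, 280, 1), "normal"),
    ((1, 15, 5), "anomaly"),
    ((1, 60, 2), "normal"),    # legitimate user with two mistyped passwords
    ((3, 300, 0), "anomaly"),  # attack that looks like ordinary traffic
]


def fit(records):
    """Estimate the prior P(A) and per-feature Gaussian parameters of P(B|A) per class A."""
    model = {}
    for label in sorted({lab for _, lab in records}):
        rows = [x for x, lab in records if lab == label]
        params = []
        for column in zip(*rows):
            mean = sum(column) / len(column)
            # Small constant keeps the variance non-zero for constant features.
            var = sum((v - mean) ** 2 for v in column) / len(column) + 1e-6
            params.append((mean, var))
        model[label] = (len(rows) / len(records), params)
    return model


def log_joint(x, prior, params):
    """log P(A) + sum of log P(B_i|A): the numerator of Bayes' theorem in log space."""
    total = math.log(prior)
    for value, (mean, var) in zip(x, params):
        total += -0.5 * math.log(2 * math.pi * var) - (value - mean) ** 2 / (2 * var)
    return total


def posterior(model, x):
    """P(A|B) for every class; the normalising sum plays the role of P(B)."""
    joints = {lab: log_joint(x, prior, params) for lab, (prior, params) in model.items()}
    peak = max(joints.values())
    evidence = sum(math.exp(v - peak) for v in joints.values())
    return {lab: math.exp(v - peak) / evidence for lab, v in joints.items()}


def predict(model, x):
    """Class with the highest posterior probability."""
    post = posterior(model, x)
    return max(post, key=post.get)


def evaluate(model, records, positive="anomaly"):
    """Accuracy, precision and recall with `positive` as the attack class."""
    tp = fp = tn = fn = 0
    for x, truth in records:
        guess = predict(model, x)
        if guess == positive:
            tp, fp = (tp + 1, fp) if truth == positive else (tp, fp + 1)
        else:
            tn, fn = (tn + 1, fn) if truth != positive else (tn, fn + 1)
    return {
        "accuracy": (tp + tn) / len(records),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }


MODEL = fit(TRAIN)
METRICS = evaluate(MODEL, TEST)

if __name__ == "__main__":
    for x, truth in TEST:
        print(dict(zip(FIELDS, x)), "truth:", truth, "predicted:", predict(MODEL, x))
    print({name: round(100 * value, 3) for name, value in METRICS.items()})
```

The last two test records give one false positive and one false negative, which is why precision and recall fall below accuracy's ceiling and why the paper reports all three measures rather than accuracy alone.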

4. Discussion
Here are the web threat areas that were the focus of the research articles. Web service vulnerabilities and web service attacks are the main topics of this study. Fig. 2 shows that 5 studies (16.67%) and 13 studies (43.33%), respectively, focus on web service vulnerabilities and web service attack detection. 12 articles (40%) concentrate on the development of various combination tactics or attacks to test the robustness of web services and assess the web service contingency mechanisms. The strategies are then divided into Attack Detection or Prevention and Vulnerability Detection or Prevention to provide more detail. Attack detection and prevention are also crucial; 5 studies (16.67%) concentrate on the vulnerabilities. A few papers concentrate on various algorithms, models, and tools for the detection and prevention of various web threats. Finally, as an extension, we apply some machine learning algorithms to the NSL-KDD dataset for intrusion detection and achieve the highest accuracy of 99.876%, precision of 99.932% and recall of 99.805% with the random forest classifier.

5. Conclusion
The biggest challenges with using online services to send data are those with privacy and data protection. The security
of online services must be maintained by taking into account three components of information security, including
confidentiality, integrity, and availability. Attacks on the web are very aggressive and more likely to affect business.
Application intrusion detection systems and web application firewalls are two detection methods that are effective in catching known threats with high accuracy. This is because the majority of commercial devices use signature-based technology and predefined rules, which are the main causes of their reliance on these technologies. However, the vast majority of strategies were created to progressively fend off new and undiscovered threats. In order to
achieve the requisite effectiveness, the methodologies employed for anomaly-based assaults are currently being
developed. The number of attacks will be greatly reduced with the incorporation of anomaly- and signature-based
detection systems. In this paper, we focused on the analysis of numerous web attacks and various methods,
instruments, and machine learning and deep learning algorithms for their detection and prevention. Although the real-
time detection capabilities of those technologies are relatively constrained, they provide invaluable insights into attack
detection through the study of successful assaults and the identification of previously undiscovered ones. To provide
a future research agenda for the study of web threats, we have further highlighted and discussed a number of significant
security analysis challenges.

6. References

1. Rasool A, Jalil Z. A Review of Web Browser Forensic Analysis Tools and Techniques. Res J Comput.
2020;1(1):15-21.
2. Calzavara S, Focardi R, Squarcina M, Tempesta M. Surviving the Web: A Journey into Web Session Security.
In: The Web Conference 2018 - Companion of the World Wide Web Conference, WWW 2018. Association for
Computing Machinery, Inc; 2018:451-455. doi:10.1145/3184558.3186232
3. Mouli VR, Jevitha KP. Web Services Attacks and Security- A Systematic Literature Review. In: Procedia
Computer Science. Vol 93. Elsevier B.V.; 2016:870-877. doi:10.1016/j.procs.2016.07.265
4. Li, X., Xue, Y.: A survey on web application security. Tech. rep., Vanderbilt University (2011), http://www.truststc.org/pubs/814.html.
5. Ozkan-Okay M, Samet R, Aslan O, Gupta D. A Comprehensive Systematic Literature Review on Intrusion
Detection Systems. IEEE Access. 2021;9:157727-157760.
6. Cremer F, Sheehan B, Fortmann M, et al. Cyber risk and cybersecurity: a systematic review of data
availability. Geneva Pap Risk Insur Issues Pract. Published online 2022.
7. Ibarra-Fiallos S, Higuera JB, Intriago-Pazmino M, Higuera JRB, Montalvo JAS, Cubo J. Effective Filter for
Common Injection Attacks in Online Web Applications. IEEE Access. 2021;9:10378-10391.
8. Maseno EM, Wang Z, Xing H. A Systematic Review on Hybrid Intrusion Detection System. Maglaras L, ed.
Secur Commun Networks. 2022;2022:1-23.
9. Sejr JH, Zimek A, Schneider-Kamp P. Explainable detection of zero day web attacks. In: Proceedings - 2020
3rd International Conference on Data Intelligence and Security, ICDIS 2020. Institute of Electrical and
Electronics Engineers Inc.; 2020:71-78.
10. Dau, H. X., Trang, N. T. T., & Hung, N. T. (2022). A Survey of Tools and Techniques for Web Attack Detection. Journal of Science and Technology on Information Security, 1(15), 109-118. https://doi.org/10.54654/isj.v1i15.852
11. Applebaum S, Gaber T, Ahmed A. Signature-based and Machine-Learning-based Web Application Firewalls: A Short Survey. In: Procedia CIRP. Vol 189. Elsevier B.V.; 2021:359-367.
12. Mukhtar BI, Azer MA. Evaluating the Modsecurity Web Application Firewall against SQL Injection Attacks.
In: Proceedings of ICCES 2020 - 2020 15th International Conference on Computer Engineering and Systems.
Institute of Electrical and Electronics Engineers Inc.; 2020.
13. Riera TS, Higuera JRB, Higuera JB, Herraiz JJM, Montalvo JAS. Prevention and fighting against web attacks through anomaly detection technology. A systematic review. Sustain. 2020;12(12).
14. Díaz-Verdejo J, Muñoz-Calle J, Alonso AE, Alonso RE, Madinabeitia G. On the Detection Capabilities of Signature-Based Intrusion Detection Systems in the Context of Web Attacks. Appl Sci. 2022;12(2).
15. Hussein, S.M.: Performance evaluation of intrusion detection system using anomaly and signature based algorithms to reduction false alarm rate and detect unknown attacks. 2016 International Conference on Computational Science and Computational Intelligence (CSCI) pp. 1064–1069 (2016)
16. Vyacheslav Lyashenko, Oleg Kobylin, Mykyta Minenko. 2018 International Scientific-Practical Conference
Problems of Infocommunications. Science and Technology (PIC S & T). IEEE; 2018.
17. Ortiz Garces I, Cazares MF, Andrade RO. Detection of phishing attacks with machine learning techniques in
cognitive security architecture. In: Proceedings - 6th Annual Conference on Computational Science and
Computational Intelligence, CSCI 2019. Institute of Electrical and Electronics Engineers Inc.; 2019:366-370.
18. Quỹ phát triển khoa học công nghệ quốc gia (Vietnam), Institute of Electrical and Electronics Engineers. RIVF
2019 Conference Proceedings : The 2019 IEEE-RIVF International Conference on Computing and
Communication Technologies : Danang, Vietnam, March 20-22, 2019.
19. Betarte G, Pardo A, Martinez R. Web Application Attacks Detection Using Machine Learning Techniques. In: Proceedings - 17th IEEE International Conference on Machine Learning and Applications, ICMLA 2018. Institute of Electrical and Electronics Engineers Inc.; 2019:1065-1072.
20. Zuech R. Machine Learning Algorithms for the Detection and Analysis of Web Attacks.; 2021.
21. Sarker, Iqbal H. Kayes, A. S.M. Badsha, Shahriar Alqahtani, Hamed Watters, Paul Ng, Alex, "Cyber security data science: an overview from machine learning perspective", July 2020. Journal of Big Data.
22. Thorarensen, C.: A Performance Analysis of Intrusion Detection with Snort and Security Information Management. Master's thesis, Linköping University, Database and information techniques (2021)
23. Zhang Y, Ma D, Sun X, Chen K, Liu F. WGT: Thwarting Web Attacks through Web Gene Tree-based Moving Target Defense. In: Proceedings - 2020 IEEE 13th International Conference on Web Services, ICWS 2020. Institute of Electrical and Electronics Engineers Inc.; 2020:364-371.
24. Ren X, Hu Y, Kuang W, Souleymanou MB. A web attack detection technology based on bag of words and hidden markov model. In: Proceedings - 15th IEEE International Conference on Mobile Ad Hoc and Sensor Systems, MASS 2018. Institute of Electrical and Electronics Engineers Inc.; 2018:526-531. doi:10.1109/MASS.2018.00081
25. Varol A, Institute of Electrical and Electronics Engineers. Portugal Section., Institute of Electrical and
Electronics Engineers. 7th International Symposium on Digital Forensics and Security : 10-12 June 2019,
Barcelos, Portugal.
26. Tang, R., Yang, Z., Li, Z., Meng, W., Wang, H., Li, Q., Sun, Y., Pei, D., Wei, T., Xu, Y., Liu, Y.D.:
Zerowall: Detecting zero-day web attacks through encoder-decoder recurrent neural networks. IEEE
INFOCOM 2020 - IEEE Conference on Computer Communications pp. 2479–2488 (2020)

27. Pan Y, Sun F, Teng Z, et al. Detecting web attacks with end-to-end deep learning. J Internet Serv Appl.
2019;10(1). doi:10.1186/s13174-019-0115-x
28. Yang, C., Shen, C.H.: Implement web attack detection engine with snort by using
modsecurity core rules (2009).
29. Zuech R, Hancock J, Khoshgoftaar TM. Investigating rarity in web attacks with ensemble learners. J Big Data.
2021;8(1).
30. Varol A, Karabatak M, Varol C, Fırat Üniversitesi, Institute of Electrical and Electronics Engineers. Turkey
Section, Institute of Electrical and Electronics Engineers. 6th International Symposium on Digital Forensic
and Security : Proceeding Book : 22-25 March 2018, Antalya, Turkey.
31. Alqahtani, H., Sarker, I.H., Kalim, A., Minhaz Hossain, S.M., Ikhlaq, S., Hossain, S. (2020). Cyber Intrusion
Detection Using Machine Learning Classification Techniques. In: Chaubey, N., Parikh, S., Amin, K. (eds)
Computing Science, Communication and Security. COMS2 2020. Communications in Computer and
Information Science, vol 1235. Springer, Singapore.
32. NSL-KDD dataset. (accessed 20 April, 2022), https://www.kaggle.com/datasets/hassan06/nslkdd
33. Hossain, S.M.M., Sen, A., Deb, K. (2023). Detecting Spam SMS Using Self Attention Mechanism. In: Vasant, P., Weber, GW., Marmolejo-Saucedo, J.A., Munapo, E., Thomas, J.J. (eds) Intelligent Computing & Optimization. ICO 2022. Lecture Notes in Networks and Systems, vol 569. Springer, Cham. https://doi.org/10.1007/978-3-031-19958-5_17
34. Hossain, S.M.M. et al. (2022). Spam Filtering of Mobile SMS Using CNN–LSTM Based Deep Learning Model. In: , et al. Hybrid Intelligent Systems. HIS 2021. Lecture Notes in Networks and Systems, vol 420. Springer, Cham. https://doi.org/10.1007/978-3-030-96305-7_10
