New deep learning method to detect code injection attacks on hybrid applications

被引：28

作者：

Yan, Ruibo ^{[1
]}

Xiao, Xi ^{[1
]}

Hu, Guangwu ^{[2
]}

Peng, Sancheng ^{[3
]}

Jiang, Yong ^{[1
]}

机构：

[1] Tsinghua Univ, Grad Sch Shenzhen, Shenzhen, Peoples R China

[2] Shenzhen Inst Informat Technol, Sch Comp Sci, Shenzhen, Peoples R China

[3] Guangdong Univ Foreign Studies, Sch Informat, Guangzhou, Guangdong, Peoples R China

来源：

JOURNAL OF SYSTEMS AND SOFTWARE | 2018年 / 137卷

关键词：

Code injection; Hybrid application; Abstract syntax tree; Deep learning;

D O I：

10.1016/j.jss.2017.11.001

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

Mobile phones are becoming increasingly pervasive. Among them, HTML5-based hybrid applications are more and more popular because of their portability on different systems. However these applications suffer from code injection attacks. In this paper, we construct a-novel deep learning network, Hybrid Deep Learning Network (HDLN), and use it to detect these attacks. At first, based on our previous work, we extract more features from Abstract Syntax Tree (AST) of JavaScript and employ three methods to select key features. Then we get the feature vectors and train HDLN to distinguish vulnerable applications from normal ones. Finally thorough experiments are done to validate our methods. The results show our detection approach with HDLN achieves 97.55% in accuracy and 97.60% in AUC, which outperforms those with other traditional classifiers and gets higher average precision than other detection methods. (C) 2017 Elsevier Inc. All rights reserved.

引用

页码：67 / 77

页数：11

共 50 条

[31] Machine learning techniques applied to detect cyber attacks on web applications
Choras, Michal
Kozik, Rafal
LOGIC JOURNAL OF THE IGPL, 2015, 23 (01) : 45 - 56
[32] Automated Discovery of Java']JavaScript Code Injection Attacks in PHP Web Applications
Gupta, Shashank
Gupta, B. B.
1ST INTERNATIONAL CONFERENCE ON INFORMATION SECURITY & PRIVACY 2015, 2016, 78 : 82 - 87
[33] A novel method to detect cyber-attacks in IoT/IIoT devices on the modbus protocol using deep learning
Gueye, Thierno
Wang, Yanen
Rehman, Mudassar
Mushtaq, Ray Tahir
Zahoor, Sadaf
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS, 2023, 26 (05): : 2947 - 2973
[34] A novel method to detect cyber-attacks in IoT/IIoT devices on the modbus protocol using deep learning
Thierno Gueye
Yanen Wang
Mudassar Rehman
Ray Tahir Mushtaq
Sadaf Zahoor
Cluster Computing, 2023, 26 : 2947 - 2973
[35] Detecting Shilling Attacks Using Hybrid Deep Learning Models
Ebrahimian, Mahsa
Kashef, Rasha
SYMMETRY-BASEL, 2020, 12 (11): : 1 - 15
[36] A New and Quick Method to Detect DoS Attacks by Neural Networks
Javidi, Mohammad Masoud
Nattaj, Mohammad Hassan
JOURNAL OF MATHEMATICS AND COMPUTER SCIENCE-JMCS, 2013, 6 (02): : 85 - 96
[37] A New Hybrid Adaptive Deep Learning-Based Framework for UAVs Faults and Attacks Detection
Tlili, Fadhila
Ayed, Samiha
Fourati, Lamia Chaari
IEEE TRANSACTIONS ON SERVICES COMPUTING, 2023, 16 (06) : 4128 - 4139
[38] Deep Learning Hybrid Approaches to Detect Fake Reviews and Ratings
Deshai, N.
Rao, B. Bhaskara
JOURNAL OF SCIENTIFIC & INDUSTRIAL RESEARCH, 2023, 82 (01): : 120 - 127
[39] Deep Learning Defense Method Against Adversarial Attacks
Wang, Ling
Zhang, Cheng
Liu, Jie
2020 IEEE INTERNATIONAL CONFERENCE ON SYSTEMS, MAN, AND CYBERNETICS (SMC), 2020, : 3667 - 3671
[40] Defending SDN against packet injection attacks using deep learning
Phu, Anh Tuan
Li, Bo
Ullah, Faheem
Ul Huque, Tanvir
Naha, Ranesh
Babar, Muhammad Ali
Nguyen, Hung
COMPUTER NETWORKS, 2023, 234

← 1 2 3 4 5 →