WEB ATTACK DETECTION COMPARATIVE ANALYSIS OF LSTM AND DNN-BASED DEFENSE MODELS WITH CORRESPONDENCE ANALYSIS

Authors

  • Jaehyung Park Division of Smart Cities, Korea University, Sejong, South Korea
  • Junghee Park Cognitive Engineering Lab, Yonsei University, Seoul, South Korea

DOI:

https://doi.org/10.20319/stra.2025.1024

Abstract

Recently since there exists more companies using web, web attacks to hijacking or manipulate the privacy information have increased. Among web vulnerability OWASP has introduced, SQL injection, XSS, File Inclusion have constantly occurred through more than a decade. It concludes that web servers have trouble with blocking old-fashioned web vulnerabilities. This paper is going to skim through web attack defending methods and compares existing web attack detection machine learning models and new ensemble model DPL with ANOVA, chi-square analysis, correspondence analysis to find out relativity between model and web attack. As result of correspondence analysis, brand new model DPL excels existing models but even DPL model have low relativity on XSS. It is expected that post research must introduce more XSS relevant model.

References

Ahn, J., Lee, E., & Chang, B.-M. (2015). SW 개발보안을 위한 보안약점 표준목록 연구. Review of KIISC, 25(1), 7-17.

Alnabulsi, H., Islam, M. D. R., & Mamun, Q. (2014). Detecting SQL injection attacks using SNORT IDS. In 1st IEEE Asia-Pacific World Congress on Computer Science and Engineering (pp. 1-7). United States: IEEE Xplore.

Baranwal, A. K. (2012). Approaches to detect SQL injection and XSS in web applications. EECE 571b, Term Survey paper.

Eun-jung, C., 정휘찬, & 김승엽. (2015). Attacks and Defenses for Vulnerability of Cross Site Scripting. 디지털융복합연구, 13(2), 177-183.

Fawcett, T. (2006). An introduction to ROC analysis. Pattern recognition letters, 27(8), 861-874.

Greenacre, M. (2017). Correspondence analysis in practice. chapman and hall/crc.

Hassan, M. M., Bhuyian, T., Sohel, M. K., Sharif, M. H., & Biswas, S. (2018). SAISAN: an automated local file inclusion vulnerability detection model. International Journal of Engineering & Technology, 7(2-3), 4.

Hong, S. (2013). XSS Attack and Countermeasure: Survey. Journal of digital Convergence, 11(12), 327-332.

Huang, J., Li, Y., Zhang, J., & Dai, R. (2019). UChecker: Automatically detecting php-based unrestricted file upload vulnerabilities. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN),

Huh, S.-p., Lee, D.-s., & Kim, G.-n. (2009). A Study on XSS Attacks Characters, Sample of Using Efficient the Regular Expressions. Proceedings of Korea Information Processing Society, 16(2), 663-664.

Juvonen, A., Sipola, T., & Hämäläinen, T. (2015). Online anomaly detection using dimensionality reduction techniques for HTTP log analysis. Computer Networks, 91, 46-56.

Kim, Y., Ko, Y., Euom, I., & Kim, K. (2020). Web Attack Classification Model Based on Payload Embedding Pre-Training. Journal of The Korea Institute of Information Security & Cryptology, 30(4), 669-677.

Liang, J., Zhao, W., & Ye, W. (2017). Anomaly-based web attack detection: a deep learning approach. Proceedings of the 2017 VI International Conference on Network, Communication and Computing,

Mahoney, M. V., & Chan, P. K. (2002). Learning nonstationary models of normal network traffic for detecting novel attacks. Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining,

OWASP. (2024). Top10. Retrieved Jan 03 from

https://github.com/OWASP/Top10

Pak, D., Hwang, M., MINJI, L., SUNG-IL, W., Hahn, S.-W., Jung, L. Y., & Hwang, J. (2020). Application of Text-Classification Based Machine Learning in Predicting Psychiatric Diagnosis. Korean Journal of Biological Psychiatry, 27(1).

Rathore, S., Sharma, P. K., & Park, J. H. (2017). XSSClassifier: an efficient XSS attack detection approach based on machine learning classifier on SNSs. Journal of Information Processing Systems, 13(4), 1014-1028.

Roesch, M. (1999). Snort: Lightweight intrusion detection for networks. Lisa,

Roh, J.-H., Min, S.-H., & Kong, M.-S. (2022). Analysis of Fire Prediction Performance of Image Classification Models based on Convolutional Neural Network. Fire Science and Engineering, 36(6), 70-77.

Sarkar, S., & Nandan, M. (2022). Password Strength Analysis and its Classification by Applying Machine Learning Based Techniques. 2022 Second International Conference on Computer Science, Engineering and Applications (ICCSEA),

Schütze, H., Manning, C. D., & Raghavan, P. (2008). Introduction to information retrieval (Vol. 39). Cambridge University Press Cambridge.

Syaifuddin, S., Risqiwati, D., & Sidharta, H. A. (2018). Automation snort rule for XSS detection with honeypot. 2018 5th International conference on electrical engineering, computer science and informatics (EECSI),

Tajbakhsh, M. S., & Bagherzadeh, J. (2015). A sound framework for dynamic prevention of Local File Inclusion. 2015 7th Conference on Information and Knowledge Technology (IKT),

Downloads

Published

2025-06-12

How to Cite

Jaehyung Park, & Junghee Park. (2025). WEB ATTACK DETECTION COMPARATIVE ANALYSIS OF LSTM AND DNN-BASED DEFENSE MODELS WITH CORRESPONDENCE ANALYSIS. MATTER: International Journal of Science and Technology, 10–24. https://doi.org/10.20319/stra.2025.1024

Issue

2025: Proceedings of Scientific and Technical Research Association (STRA)

Section

Articles

License

Copyright (c) 2025 Jaehyung Park, Junghee Park

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Copyright of Published Articles

Author(s) retain the article copyright and publishing rights without any restrictions.

Creative Commons License
All published work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.