Code-injection attacks such as cross-site scripting (XSS) and Structured Query
Language injection (SQLi) are among the most critical security issues for web
applications. Web application firewalls (WAFs) are deployed to defend against
injection attacks by matching HTTP requests against a predefined rule set that
detects malicious content. Nevertheless, attackers evade such rule sets with
cleverly crafted payload modifications. This project presents a novel approach that
extracts user inputs from HTTP requests to find sophisticated XSS and SQLi
attack vectors. The proposed solution is a two-tier securing mechanism that uses
both a deep learning model called Bidirectional Encoder Representations from
Transformers (BERT), which is fine-tuned to classify SQLi and XSS attacks, and a
context-aware classifier which looks for a change in the structure of the intended
query to detect SQL injections. The solution is deployed server-side as a reverse
proxy and therefore requires no changes to the application code. The
BERT model achieves a detection accuracy of 98.98% and a precision of 99.14%
on a real-world dataset under fivefold cross-validation. The context-aware
classifier produced zero false positives and zero false negatives during testing.
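The abstract does not spell out how the context-aware classifier represents "the structure of the intended query", so the following is an added illustration of the idea rather than the project's own code. It assumes one common instantiation: the application's query template is known, each parameter's intended type is known, and "structure" is the sequence of SQL token classes once literal values are abstracted away. It also shows the proxy-side step of pulling user inputs out of a raw HTTP request (query string and urlencoded body). The template, parameter names and sample requests are constructed for the example, as is the naive string interpolation that makes the template injectable.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Token classes for the structural signature.  Literal values are abstracted
# (STR, NUM) so that different benign inputs map to the same signature, while
# keywords, operators and comments, which an injection must introduce to change
# the query's meaning, are kept verbatim.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<str>'(?:[^']|'')*'|"(?:[^"]|"")*")
  | (?P<num>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<op>\|\||<=|>=|<>|!=|[=<>+\-*/%(),;.])
  | (?P<other>.)
""", re.VERBOSE | re.DOTALL)

KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "UNION", "ALL", "INSERT",
            "INTO", "UPDATE", "DELETE", "DROP", "LIKE", "ORDER", "BY", "LIMIT",
            "NULL", "IS", "IN", "VALUES", "SET"}


def structure(sql: str) -> list:
    """Reduce a SQL statement to its token-class sequence (its 'structure')."""
    sig = []
    for m in TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind == "str":
            sig.append("STR")
        elif kind == "num":
            sig.append("NUM")
        elif kind == "comment":
            sig.append("COMMENT")
        elif kind == "word":
            up = text.upper()
            sig.append("KW:" + up if up in KEYWORDS else "IDENT")
        else:
            sig.append("OP:" + text)
    return sig


def extract_inputs(raw_request: str) -> dict:
    """Pull user-controlled parameters (query string and urlencoded form body)
    out of a raw HTTP request, as the proxy would before classifying them."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in header_lines if ":" in h)}
    inputs = {k: v[-1] for k, v in
              parse_qs(urlsplit(target).query, keep_blank_values=True).items()}
    if "application/x-www-form-urlencoded" in headers.get("content-type", ""):
        inputs.update({k: v[-1] for k, v in
                       parse_qs(body, keep_blank_values=True).items()})
    return inputs


def classify(template: str, param_types: dict, inputs: dict):
    """Context-aware check: build the query the application would issue and
    compare its structure with the structure the template intends.
    Returns (is_injection, expected_structure, observed_structure)."""
    # A benign placeholder per parameter type yields the intended structure.
    baseline = {k: ("0" if t == "int" else "x") for k, t in param_types.items()}
    expected = structure(template.format(**baseline))
    values = {k: inputs.get(k, baseline[k]) for k in param_types}
    observed = structure(template.format(**values))
    return expected != observed, expected, observed


# Hypothetical application query, with the naive string interpolation that
# makes it injectable; parameter names and types are assumptions for the example.
TEMPLATE = "SELECT * FROM users WHERE name = '{user}' AND id = {id}"
TYPES = {"user": "str", "id": "int"}

# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = ("GET /login?user=alice&id=7 HTTP/1.1\r\n"
                  "Host: example.test\r\n\r\n")
ATTACK_REQUEST = ("POST /login HTTP/1.1\r\n"
                  "Host: example.test\r\n"
                  "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                  "user=%27+OR+%271%27%3D%271&id=7")

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN_REQUEST), ("attack", ATTACK_REQUEST)):
        flagged, expected, observed = classify(TEMPLATE, TYPES, extract_inputs(raw))
        print(f"{label}: injection={flagged}")
        if flagged:
            print("  expected:", " ".join(expected))
            print("  observed:", " ".join(observed))
```

The classifier compares the query exactly as the application would build it, so an application that escapes quotes by doubling them (`O''Brien`) keeps a benign apostrophe inside a single STR token and is not flagged, whereas a tautology (`' OR '1'='1`), a comment truncation (`admin'--`) or a numeric injection (`7 OR 1=1`) each add tokens that the template never intended. A type mismatch such as a non-numeric value for an integer parameter is also flagged, which is the correct outcome for a query the application should never issue.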