1. Shodhganga@INFLIBNET
  2. Kakatiya University, Warangal
  3. Department of Computer Science & Engineering
Please use this identifier to cite or link to this item: http://hdl.handle.net/10603/290337
Title: Machine Learning based Models for Detecting HTTP Input Validation Vulnerabilities of Web Applications
Researcher: S. Venkatramulu
Guide(s): C. V. Guru Rao
Keywords: Computer Science
Computer Science Cybernetics
Engineering and Technology
University: Kakatiya University, Warangal
Completed Date: 14-10-2020
Abstract: Every organization is offering their services through online web applications in recent days. Accessing the online services could be the most malevolent, as the browsers themselves can adapt in the form of attacking equipment. The problems caused by web applications attacks like SQL injection (SQLi) and Cross Site Scripting (XSS) stem from their notorious ability to blend in to the noise associated with web application traffic. Most of the web application vulnerabilities are happened due to lack of input validations. The conventional approach of dealing with the impact of web applications vulnerabilities like SQLi and XSS is the verification of code by syntax analyzers. Here, the other important confine of these syntax analyzers is dependency of programming language. This thesis explored the models based on machine learning to augment traditional methods of identifying and preventing web based attacks of input parameter vulnerabilities. newline newlineAt first a model for detecting and preventing input validation vulnerabilities such as SQL Injection and XSS attacks in web applications using a Rule Based Pattern Discovery (RPAD) is developed. The proposed algorithm deals to discover the divergent patterns of these features and their correlation with the labels called malevolent and benevolent . The proposed RPAD discovers the patterns from features for malevolent as well as benevolent records. Then a set of rules are framed. Each of these rules shall indicate the pattern is either malevolent or benevolent. These rules are stored as knowledge for the further process. Further, it extracts the test patterns of features from input parameters and their values for test records. Then, it labels a given input record as either malevolent or benevolent based on the test patterns. This model is efficiently worked on categorical web data. Our contribution on RPAD is compared to an existing model IPAAS. The detection accuracy for the SQL injection and XSS vulnerabilities are substantial when compared to IPAAS. The evaluation consider
Pagination: 1-130
URI: http://hdl.handle.net/10603/290337
Appears in Departments:Department of Computer Science & Engineering

Files in This Item:
File Description SizeFormat 
01_title.pdfAttached File121.07 kBAdobe PDFView/Open
02_certificate.pdf12.18 MBAdobe PDFView/Open
03_abstract.pdf.pdf17.11 kBAdobe PDFView/Open
04_declaration.pdf11.83 MBAdobe PDFView/Open
05_acknowledgement.pdf24.31 kBAdobe PDFView/Open
06_contents.pdf70.22 kBAdobe PDFView/Open
07_list_of_tables.pdf45.05 kBAdobe PDFView/Open
08_list_ of_figures.pdf57.5 kBAdobe PDFView/Open
09_ abbreviations.pdf32.6 kBAdobe PDFView/Open
10_chapter-1.pdf55.96 kBAdobe PDFView/Open
11_chapter-2.pdf108.84 kBAdobe PDFView/Open
12_chapter-3.pdf319.9 kBAdobe PDFView/Open
13_chapter-4.pdf1.16 MBAdobe PDFView/Open
14_conclusion.pdf34.8 kBAdobe PDFView/Open
15_bibliography.pdf92.33 kBAdobe PDFView/Open
80_recommendation.pdf34.8 kBAdobe PDFView/Open
plagiarism certificate.pdf13 MBAdobe PDFView/Open
Show full item record


Items in Shodhganga are licensed under Creative Commons Licence Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).

Altmetric Badge: