Securing web applications using machine learning
Date
2025-02-03
Authors
Osama Salahat
Yousef Assaf
Ameer Younis
Abstract
Web applications play a crucial role in today’s digital world, providing a wide range of services and handling sensitive data. However, their widespread use also makes them prime targets for cyberattacks, particularly SQL Injection (SQLi) and Cross-Site Scripting (XSS). These attacks can lead to data breaches, unauthorized access, and even complete system compromise. Traditional Intrusion Detection Systems (IDS) rely on predefined rules, which often fail to keep up with evolving attack techniques, leaving systems vulnerable.
This project introduces a machine learning-based solution to protect web applications from SQLi and XSS attacks. Using a large dataset of real attack payloads, the system applies Term Frequency-Inverse Document Frequency (TF-IDF) to extract meaningful patterns from web inputs. A Logistic Regression model then analyzes these patterns to classify incoming requests as either safe or malicious.
To enhance security further, the system is integrated with pfSense, a powerful open-source firewall, through its REST API. This integration not only detects threats but also blocks malicious users in real time, adding an extra layer of protection.
Testing results show that the model achieves an impressive 97% accuracy in detecting attacks, highlighting its effectiveness. By leveraging machine learning, this approach overcomes the limitations of traditional IDS, offering an automated, scalable, and adaptive solution for web security. This project demonstrates the potential of AI-driven cybersecurity in defending modern online systems against ever-evolving threats.
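The TF-IDF and Logistic Regression stage described in the abstract, as an added illustration that is not the authors' code. It assumes character trigrams as the TF-IDF terms, a smoothed IDF, plain stochastic gradient descent, and a small constructed sample set standing in for the project's dataset.

```python
import math
from collections import Counter

# Constructed toy samples, not the project's dataset.
MALICIOUS = ["' OR 1=1 --", "1 UNION SELECT username, password FROM users",
             "admin' --", "<script>alert(1)</script>", "<img src=x onerror=alert(1)>"]
BENIGN = ["john.smith", "blue running shoes size 42", "hello, how are you today?",
          "order status for invoice 10293", "meeting at 10:30 tomorrow"]
TRAIN = [(t, 1) for t in MALICIOUS] + [(t, 0) for t in BENIGN]

def trigrams(text):
    """Character trigrams keep quotes, angle brackets and '=' as signal."""
    t = text.lower()
    return [t[i:i + 3] for i in range(len(t) - 2)]

def fit_idf(docs):
    """Smoothed inverse document frequency over the training inputs."""
    df = Counter(g for d in docs for g in set(trigrams(d)))
    return {g: math.log((1 + len(docs)) / (1 + c)) + 1 for g, c in df.items()}

def tfidf(text, idf):
    """L2-normalised TF-IDF vector; trigrams unseen in training are dropped."""
    tf = Counter(g for g in trigrams(text) if g in idf)
    vec = {g: c * idf[g] for g, c in tf.items()}
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {g: v / norm for g, v in vec.items()}

def predict(vec, w, b):
    z = b + sum(w.get(g, 0.0) * v for g, v in vec.items())
    return 1.0 / (1.0 + math.exp(-z))

def train(samples, epochs=300, lr=0.5):
    """Logistic regression fitted with plain stochastic gradient descent."""
    idf = fit_idf([t for t, _ in samples])
    data = [(tfidf(t, idf), y) for t, y in samples]
    w, b = {}, 0.0
    for _ in range(epochs):
        for vec, y in data:
            err = y - predict(vec, w, b)      # gradient of the log-loss
            for g, v in vec.items():
                w[g] = w.get(g, 0.0) + lr * err * v
            b += lr * err
    return idf, w, b

def score(text, model):
    """Probability that a request parameter is an SQLi/XSS payload."""
    idf, w, b = model
    return predict(tfidf(text, idf), w, b)
```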