AI-powered web application security mechanisms
Date
2024-12-11
Authors
Demirel Yılmazer, Dilek
Publisher
Graduate School
Abstract
In the current era of widespread digitalization, the volume of processed private and sensitive data has significantly increased due to the adoption of web-based applications. With this expansion, the need for robust cybersecurity measures to protect against external threats has grown immensely. Corporate networks traditionally served as a barrier to prevent direct access from the Internet, but attackers are targeting web application servers, which are the main points of contact for end users. Thus, this thesis presents AI-based mechanisms for protecting sensitive information of companies as they rely on web-based applications for data storage and exchange. As web application security becomes a top concern across industries, high-performance computing and intelligent solutions are needed to analyze and comprehend vast amounts of web application logs. Machine learning, a branch of artificial intelligence, emerges as a key technique to address these issues. Machine learning is ideal for identifying and evaluating web-based attacks since it allows computers to learn from data and predict results. The thesis explores how machine learning techniques such as regression, prediction, and classification effectively resolve common web application security problems. Researchers have found applications in network management and operation, resource optimization, security analysis, and user profiling. Additionally, zero-shot learning, a technique commonly associated with natural language processing and computer vision, is proposed as a promising approach in web application security for detecting previously unseen attacks. This thesis presents AI-powered web application security mechanisms that lay the groundwork for the threat detection capabilities of ML. It focuses on malicious web requests and web session detection using supervised and unsupervised approaches and makes three major contributions. 
First, this thesis introduces the Zero-Shot Learning approach using a Convolutional Neural Network (ZSL-CNN), which effectively tackles high false positive rates and unbalanced data issues encountered during ML-based web application attack detection. The approach is evaluated using five distinct web request datasets, and the ZSL-CNN model outperforms other models with a remarkable true positive rate. Second, this thesis presents an innovative approach that uses machine learning-based classification to detect malicious web sessions. This technique combines an embedding layer with machine learning algorithms and demonstrates superior accuracy compared to benchmark methodologies. Finally, this thesis introduces another innovative approach that combines unsupervised learning methodologies. This approach, which focuses on web-based session security, employs two unsupervised learning algorithms to efficiently discriminate benign sessions from malicious sessions for a web application. This thesis presents a comprehensive investigation of the intersection of machine learning and web application security in the digital age, providing valuable insights and innovative solutions for protecting web applications.
Description
Thesis (Ph.D.) -- Istanbul Technical University, Graduate School, 2024
Keywords
artificial intelligence,
network security