Open Access
ARTICLE
Injections Attacks Efficient and Secure Techniques Based on Bidirectional Long Short Time Memory Model
1 School of Big Data & Software Engineering, Chongqing University, Chongqing, 401331, China
2 Department of Management Science Engineering, Dalian University of Technology, Dalian, 116024, China
3 Software College, Northeastern University, Shenyang, 110169, China
4 Department of Information Systems, College of Computer and Information Science, King Saud University, Riyadh, 11543, Saudi Arabia
5 Department of Management Science and Engineering, South China University of Technology, Guangzhou, 510641, China
6 Department of Computer Engineering and Mathematics, University of Rovira i Virgili, Tarragona, Spain
7 College of Physics and Electronic Information Engineering, Zhejiang Normal University, Jinhua, 321004, China
* Corresponding Authors: Gehad Abdullah Amran; Amerah Alabrah
(This article belongs to the Special Issue: AI-driven Cybersecurity in Cyber Physical Systems enabled Healthcare, Current Challenges, Requirements and Future research Foresights)
Computers, Materials & Continua 2023, 76(3), 3605-3622. https://doi.org/10.32604/cmc.2023.040121
Received 06 March 2023; Accepted 13 June 2023; Issue published 08 October 2023
Abstract
E-commerce, online ticketing, online banking, and other web-based applications that handle sensitive data, such as passwords, payment information, and financial information, are widely used. Web developers vary in their understanding of how to secure an online application. Structured Query Language (SQL) injection and cross-site scripting (XSS) are the two vulnerabilities defined by the Open Web Application Security Project (OWASP) for its 2017 Top Ten List. An attacker can exploit these two flaws to launch malicious web-based actions. Many published articles have focused on binary classification of these attacks. This article describes a novel deep-learning approach for detecting SQL injection and XSS attacks. The datasets for SQL injection and XSS payloads are combined into a single dataset. The dataset is manually labeled with three labels, each representing a kind of attack. This work implements some pre-processing algorithms, including Porter stemming, one-hot encoding, and the word-embedding method to convert a word's text into a vector. Our model uses bidirectional long short-term memory (BiLSTM) to extract features automatically and to train and test on the payload dataset. BiLSTM classified the payloads into three types: XSS attacks, SQL injection attacks, and normal. The outcomes demonstrated excellent performance in classifying payloads into XSS attacks, injection attacks, and non-malicious payloads. BiLSTM's high performance was demonstrated by its accuracy of 99.26%.
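The input stage the abstract describes, turning payload text into fixed-length integer sequences with one of three class labels so that an embedding layer and BiLSTM can consume them, shown here as an added example that is not the authors' code. The tokenizer, the hashed index scheme, `VOCAB_SIZE`, `MAX_LEN` and the sample payloads are assumptions, and Porter stemming is left out so the block needs only the standard library.

```python
import hashlib
import re

LABELS = ("normal", "sqli", "xss")  # the three classes named in the abstract
VOCAB_SIZE = 5000                   # assumed size of the one-hot index space
MAX_LEN = 12                        # assumed fixed sequence length

# Words, numbers and each punctuation mark become separate tokens, because
# quotes, angle brackets and comment markers carry much of the signal.
TOKEN_RE = re.compile(r"[A-Za-z_]+|\d+|[^\sA-Za-z_\d]")


def tokenize(payload):
    """Split a raw payload string into lowercase tokens."""
    return [tok.lower() for tok in TOKEN_RE.findall(payload)]


def one_hot_index(token, vocab_size=VOCAB_SIZE):
    """Hash a token to a stable index in [1, vocab_size); 0 is padding."""
    digest = hashlib.sha256(token.encode("utf-8")).digest()
    return 1 + int.from_bytes(digest[:4], "big") % (vocab_size - 1)


def encode(payload, max_len=MAX_LEN):
    """Integer-encode a payload, then truncate or zero-pad to max_len."""
    ids = [one_hot_index(tok) for tok in tokenize(payload)][:max_len]
    return ids + [0] * (max_len - len(ids))


def encode_label(name):
    """One-hot target vector for the three-class output layer."""
    if name not in LABELS:
        raise ValueError(f"unknown label: {name!r}")
    return [1 if name == label else 0 for label in LABELS]


# Constructed sample rows standing in for the combined, manually labeled dataset.
SAMPLES = [
    ("search?q=blue+running+shoes", "normal"),
    ("' OR 1=1 --", "sqli"),
    ("<script>alert(1)</script>", "xss"),
]


def build_dataset(samples=SAMPLES):
    """Return (sequence, label_vector) pairs ready for an embedding layer."""
    return [(encode(text), encode_label(label)) for text, label in samples]


if __name__ == "__main__":
    for seq, target in build_dataset():
        print(target, seq)
```

Hashing tokens to indices can map two different tokens to the same index; a fitted vocabulary avoids that at the cost of an out-of-vocabulary bucket for unseen payload tokens.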
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.