Open Access

ARTICLE

An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

Deris Stiawan¹, Ali Bardadi¹, Nurul Afifah¹, Lisa Melinda¹, Ahmad Heryanto¹, Tri Wanda Septian¹, Mohd Yazid Idris², Imam Much Ibnu Subroto³, Lukman⁴, Rahmat Budiarto^5,*

1 Universitas Sriwijaya, Palembang, 30319, Indonesia
2 Universiti Teknologi Malaysia, Johor, 81310, Malaysia
3 Universitas Islam Sultan Agung, Semarang, 50112, Indonesia
4 Directorat General of Higher Education Research and Technology, Jakarta, 10270, Indonesia
5 Albaha University, Alaqiq, 65779-7738, Saudi Arabia

* Corresponding Author: Rahmat Budiarto. Email:

Computer Systems Science and Engineering 2023, 46(2), 1759-1774. https://doi.org/10.32604/csse.2023.034047

Received 05 July 2022; Accepted 08 December 2022; Issue published 09 February 2023

Abstract

The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short–Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’ patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded. In addition, the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory.

---

Keywords

---