Open Access iconOpen Access

ARTICLE

crossmark

An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection

Deris Stiawan1, Ali Bardadi1, Nurul Afifah1, Lisa Melinda1, Ahmad Heryanto1, Tri Wanda Septian1, Mohd Yazid Idris2, Imam Much Ibnu Subroto3, Lukman4, Rahmat Budiarto5,*

1 Universitas Sriwijaya, Palembang, 30319, Indonesia
2 Universiti Teknologi Malaysia, Johor, 81310, Malaysia
3 Universitas Islam Sultan Agung, Semarang, 50112, Indonesia
4 Directorat General of Higher Education Research and Technology, Jakarta, 10270, Indonesia
5 Albaha University, Alaqiq, 65779-7738, Saudi Arabia

* Corresponding Author: Rahmat Budiarto. Email: email

Computer Systems Science and Engineering 2023, 46(2), 1759-1774. https://doi.org/10.32604/csse.2023.034047

Abstract

The Repository Mahasiswa (RAMA) is a national repository of research reports in the form of final assignments, student projects, theses, dissertations, and research reports of lecturers or researchers that have not yet been published in journals, conferences, or integrated books from the scientific repository of universities and research institutes in Indonesia. The increasing popularity of the RAMA Repository leads to security issues, including the two most widespread, vulnerable attacks i.e., Structured Query Language (SQL) injection and cross-site scripting (XSS) attacks. An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous. This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks. The proposed system combines a Long Short–Term Memory and Principal Component Analysis (LSTM-PCA) model as a classifier. This model can effectively solve the vanishing gradient problem caused by excessive positive samples. The experiment results show that the proposed system achieves an accuracy of 96.85% using an 80%:20% ratio of training data and testing data. The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’ patterns. The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded. In addition, the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory.

Keywords


Cite This Article

D. Stiawan, A. Bardadi, N. Afifah, L. Melinda, A. Heryanto et al., "An improved lstm-pca ensemble classifier for sql injection and xss attack detection," Computer Systems Science and Engineering, vol. 46, no.2, pp. 1759–1774, 2023.



cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 993

    View

  • 550

    Download

  • 0

    Like

Share Link