Deep Learning for Vulnerability and Attack Detection on Web Applications: A Systematic Literature Review

Rokia Lamrani Alaoui and El Habib Nfaoui

Resumen

Web applications are the best Internet-based solution to provide online web services, but they also bring serious security challenges. Thus, enhancing web applications security against hacking attempts is of paramount importance. Traditional Web Application Firewalls based on manual rules and traditional Machine Learning need a lot of domain expertise and human intervention and have limited detection results faced with the increasing number of unknown web attacks. To this end, more research work has recently been devoted to employing Deep Learning (DL) approaches for web attacks detection. We performed a Systematic Literature Review (SLR) and quality analysis of 63 Primary Studies (PS) on DL-based web applications security published between 2010 and September 2021. We investigated the PS from different perspectives and synthesized the results of the analyses. To the best of our knowledge, this study is the first of its kind on SLR in this field. The key findings of our study include the following. (i) It is fundamental to generate standard real-world web attacks datasets to encourage effective contribution in this field and to reduce the gap between research and industry. (ii) It is interesting to explore some advanced DL models, such as Generative Adversarial Networks and variants of Encoders?Decoders, in the context of web attacks detection as they have been successful in similar domains such as networks intrusion detection. (iii) It is fundamental to bridge expertise in web applications security and expertise in Machine Learning to build theoretical Machine Learning models tailored for web attacks detection. (iv) It is important to create a corpus for web attacks detection in order to take full advantage of text mining in DL-based web attacks detection models construction. (v) It is essential to define a common framework for developing and comparing DL-based web attacks detection models. This SLR is intended to improve research work in the domain of DL-based web attacks detection, as it covers a significant number of research papers and identifies the key points that need to be addressed in this research field. Such a contribution is helpful as it allows researchers to compare existing approaches and to exploit the proposed future work opportunities.

Palabras claves

deep learning - systematic literature review - web applications security - web attacks detection - web vulnerabilities

Acceso

PÁGINAS

pp. 0 - 0

NÚMERO

Volumen: 14 Parte: 4 (2022)

MATERIAS

INFRAESTRUCTURA

REVISTAS SIMILARES

Water
Buildings
Big Data and Cognitive Computing

DOI

https://doi.org/10.3390/fi14040118

Artículos similares

A Survey of Incremental Deep Learning for Defect Detection in Manufacturing

Acceso

Reenu Mohandas, Mark Southern, Eoin O?Connell and Martin Hayes

Deep learning based visual cognition has greatly improved the accuracy of defect detection, reducing processing times and increasing product throughput across a variety of manufacturing use cases. There is however a continuing need for rigorous procedure... ver más

Revista: Big Data and Cognitive Computing

Unveiling Sentiments: A Comprehensive Analysis of Arabic Hajj-Related Tweets from 2017?2022 Utilizing Advanced AI Models

Acceso

Hanan M. Alghamdi

Sentiment analysis plays a crucial role in understanding public opinion and social media trends. It involves analyzing the emotional tone and polarity of a given text. When applied to Arabic text, this task becomes particularly challenging due to the lan... ver más

Revista: Big Data and Cognitive Computing

A Lightweight Neural Network Model for Disease Risk Prediction in Edge Intelligent Computing Architecture

Acceso

Feng Zhou, Shijing Hu, Xin Du, Xiaoli Wan and Jie Wu

In the current field of disease risk prediction research, there are many methods of using servers for centralized computing to train and infer prediction models. However, this centralized computing method increases storage space, the load on network band... ver más

Revista: Future Internet

Deep Learning for Intrusion Detection Systems (IDSs) in Time Series Data

Acceso

Konstantinos Psychogyios, Andreas Papadakis, Stavroula Bourou, Nikolaos Nikolaou, Apostolos Maniatis and Theodore Zahariadis

The advent of computer networks and the internet has drastically altered the means by which we share information and interact with each other. However, this technological advancement has also created opportunities for malevolent behavior, with individual... ver más

Revista: Future Internet

An Analysis of Methods and Metrics for Task Scheduling in Fog Computing

Acceso

Javid Misirli and Emiliano Casalicchio

The Internet of Things (IoT) uptake brought a paradigm shift in application deployment. Indeed, IoT applications are not centralized in cloud data centers, but the computation and storage are moved close to the consumers, creating a computing continuum b... ver más

Revista: Future Internet

Revistas destacadas

Acceso directo a los números publicados en la revista Infrastructures

Infrastructures

Acceso directo a los números publicados en la revista Informed Infraestructure

Informed Infraestructure

Acceso directo a los números publicados en la revista BiT

Acceso directo a los números publicados en la revista Revista de la Construcción

Revista de la Construcción

Ver todas las revistas