Testing machine learning methods in the problem of classifying HTTP queries using technology TF-IDF

Abstract

Nowadays, the number of attacks on the information system is rapidly increasing not only in the amount but also in quality. Each attack violates the properties of confidentiality, integrity, and accessibility of information, so most attacks pursue financial gain, especially a Web attack because almost companies use web applications for their business. The issue of protecting personal data from these attacks is becoming a major issue for all organizations and companies. Thus, the need to use an intrusion detection system, an intrusion prevention system and a firewall to protect these data is relevant. These systems use many attack detection methods, such as the white list and blacklist, signature-based detection method, anomaly detection method, but they protect web applications at the network level. Since the modern complex attack on web applications most often occurs at the application level, in the form of HTTP/HTTPS queries to the website, where these traditional systems have extremely limited capabilities to detect attacks and widespread benefit of machine learning methods in many areas of information security. This article gives a brief overview of some types of popular attacks on Web applications, main machine learning methods and their testing in the task of problem detection web application attacks by classifying HTTP requests on Web Application Firewall. Also, this article is given a conclusion about the working of machine learning methods to identify the most effective method from them. Our future research aims to increase the accuracy of attack detection on web applications by using machine learning methods and analyzing attributes of HTTP requests on the web application firewall.