Research Into the Security Threat of Web Application

Authors

  • Yanling Zhang School of Information Engineering, Jiaozuo University, China
  • Ting Zhang School of Information Engineering, Jiaozuo University, China

DOI:

https://doi.org/10.13052/jwe1540-9589.21514

Keywords:

Security threat, web application, improved butterfly algorithm, optimization model, SQL injection loophole

Abstract

In order to effectively analyze the security threat of web application, the security threat model of web application is established. Firstly, the main problems with web application are summarized. Secondly, the main security threat of web application are analyzed, and the corresponding optimization model is constructed. An algorithm based on the improved Butterfly Optimization Algorithm (BOA) security threat optimization model is designed. Finally, a SQL injection loophole is selected for example research, and the security threat path of web application is obtained. The results show IBOA has the advantages of high optimization accuracy, global optimization and stable solution, and average accuracy rate is 99.1% and the average recall rate is 99.1%, which shows that the model has better classification effect, therefore it has the best performance.

Downloads

Download data is not yet available.

Author Biographies

Yanling Zhang, School of Information Engineering, Jiaozuo University, China

Yanling Zhang was born in Jiaozuo City, Henan Province, China, she obtained a master’s degree in computer application technology from the Information Engineering University of the People’s Liberation Army in 2006. She is currently an associate professor at the School of Information Engineering, Jiaozuo University, Henan Province. Her research interests include big data, machine learning and other technologies is applied research in various fields of society. Since 2017, she has presided over or participated in 4 provincial and ministerial projects, presided over the completion of 16 municipal and departmental projects, and participated in 10 projects; received funding for many times; published 1 academic monograph; and completed 10 utility model patents as the first inventor 2 invention patents; 10 papers published; 13 achievement awards.

Ting Zhang, School of Information Engineering, Jiaozuo University, China

Ting Zhang was born in Jiaozuo City, Henan Province, China, She received the B.S. degree in computer science and technology from Anyang Normal University in 2015 and the M.S. degree in computer application technology from Kunming University of science and technology in 2018. She is currently a assistant at the School of Information Engineering, Jiaozuo University, China. Her research interests include Data Mining and Cloud Computing. She has published a paper, participated in writing a SCI paper and has been published, participated in three invention patents, and participated in writing two core papers.

References

Zohreh S. Gatmiry, Ashkan Hafezalkotob, Morteza Khakzar bafruei, Roya Soltani, Food web conservation vs. strategic threats: A security game approach, Ecological Modelling, 442, 2021, 109426.

Simon Applebaum, Tarek Gaber, Ali Ahme, Signature-based and Machine-Learning-based Web Application Firewalls: A Short Survey, Procedia Computer Science, 189, 2021, 359–367.

Giuseppe Cascavilla, Damian A. Tamburri, Willem-Jan Van Den Heuvel, Cybercrime threat intelligence: A systematic multi-vocal literature review, Computers & Security, 105, 2021, 102258.

Andrea Tundis, Samuel Ruppert, Max Mühlhäuser, A Feature-driven Method for Automating the Assessment of OSINT Cyber Threat Sources, Computers & Security, 113, 2022, 102576.

Massimiliano Rak, Giovanni Salzillo, Daniele Granata, ESSecA: An automated expert system for threat modelling and penetration testing for IoT ecosystems, Computers and Electrical Engineering, 99, 2022, 107721.

Bin Zhao, Yi Ren, Diankui Gao, Lizhi Xu, Yuanyuan Zhang, Energy utilization efficiency evaluation model of refining unit Based on Contourlet neural network optimized by improved grey optimization algorithm, Energy, 185, 2019, 1032–1044.

Adem Tekerek, A novel architecture for web-based attack detection using convolutional neural network, Computers & Security, 100, 2021, 102096.

Stefano Calzavara, Hugo Jonker, Benjamin Krumnow, Alvise Rabitti, Measuring Web Session Security at Scale, Computers & Security, 111, 2021, 102472

Adem Tekerek, A novel architecture for web-based attack detection using convolutional neural network, Computers & Security, 100, 2021, 102096.

Bin Zhao, Yi Ren, Diankui Gao, Lizhi Xu, Performance ratio prediction of photovoltaic pumping system based on grey clustering and second curvelet neural network, Energy, 171, 2019, 360–371.

Göksel Uçtu, Mustafa Alkan, İbrahim Alper Doğru, Murat Dörterler, A suggested testbed to evaluate multicast network and threat prevention performance of Next Generation Firewalls, Future Generation Computer Systems, 124, 2021, 56–67.

Waleed Bin Shahi, Baber Aslam Haider, Abbas Hammad AfzalSaad, Bin Khalid, A deep learning assisted personalized deception system for countering web application attacks, Journal of Information Security and Applications, 67, 2022, 103169.

Chadni Islam, M. Ali Babar, Roland Croft, Helge Janicke, SmartValidator: A framework for automatic identification and classification of cyber threat data, Journal of Network and Computer Applications, 202, 2022, 103370.

Sang Min Han, Chanyoung Lee, Poong Hyun Seong, Estimating the frequency of cyber threats to nuclear power plants based on operating experience analysis, International Journal of Critical Infrastructure Protection, 37, 2022, 100523.

Sang Min Han, Chanyoung Lee, Poong Hyun Seong, Estimating the frequency of cyber threats to nuclear power plants based on operating experience analysis, International Journal of Critical Infrastructure Protection, 37, 2022, 100523.

Renya Nath, NHiran V Nath, Critical analysis of the layered and systematic approaches for understanding IoT security threats and challenges, Computers and Electrical Engineering, 100, 2022, 1079997.

Frank L. Greitzer, James D. Lee, Justin Purl, Abbas K. Zaidi, Design and Implementation of a Comprehensive Insider Threat Ontology, Procedia Computer Science, 153, 2019, 361–369.

Arnau Erol, Ioannis Agrafiotis, Michael Goldsmith, Sadie Creese, Insider-threat detection: Lessons from deploying the CITD tool in three multinational organisations, Journal of Information Security and Applications, 67, 2022, 103167.

Ha Thanh Le, Lwin Khin Shar, Domenico Bianculli, Lionel Claude Briand, Cu Duy Nguyen, Automated reverse engineering of role-based access control policies of web applications, Journal of Systems and Software, 184, 2022, 111109.

Wen Long, Ming Xu, Jianjun Jiao, Tiebin Wu, Mingzhu Tang, Shaohong Cai, A velocity-based butterfly optimization algorithm for high-dimensional optimization and feature selection, Expert Systems with Applications, 201, 2022, 117217.

Anurag Tiwari, Amrita Chaturvedi, A hybrid feature selection approach based on information theory and dynamic butterfly optimization algorithm for data classification, Expert Systems with Applications, 196, 2022, 116621.

Zohre Sadeghian, Ebrahim Akbari, Hossein Nematzadeh, A hybrid feature selection method based on information theory and binary butterfly optimization algorithm, Engineering Applications of Artificial Intelligence, 97, 2021, 104079.

Published

2022-08-27

Issue

Section

Advanced Practice in Web Engineering