Abstract:

The address lines used to access the web pages or the forms on the web pages and applications that we can get from the user, so we recognize an unlimited possibility to understand the user's intention, are in the first place in every period in terms of security risk. For the detection of attacks on these fields, literature uses a variety of approaches, static, dynamic and hybrid. However, it seems that these methods do not determine what to be done for the Error Alarm situations, and in these cases they remain completely ineffective. This study aimed at reducing the level of Error-Alarm to reduce this uncertainty found in literature and increasing the correct detection rate. As part of the study, from May 5, 2021, the current 13157 SQLi and XSS type harmful, 10,000 normal HTTP requests have been used. All HTTP requests have been taken from the same web server, and the normal requests and harmful requests have been observed close to each other. In this study, a new approach was introduced by expressing the data in words and using processes of digitalization together in the data pre-processing stages. For classification, LSTM, MLP, CNN, GNB, SVM, KNN, DT, RF algorithms were used and the results were evaluated with accuracy, precision, specificity and F1 score metric. The findings achieved by this study can be classified as follows: 1) Some attack vectors, even apparently different, may actually be in the same character after the pre-process, 2) symbolization of words makes the characteristics of the attack vector clearer, 3) the ecological distances of the words have been shown to increase the success of the extract of the characteristics by calculating the ecological distances of the words.

Keywords: