Recon: Efficient Intrusion Recovery for Web Applications
Authors: Mohamed Hammad, Nabil Hewahi, Wael Elmedany
Journal: Concurrency and Computation-Practice & Experience
Volume: 37 6-8
Publication date: 2025-03-26
Publication type: Journal Article
DOI: 10.1002/cpe.70066
URL: https://onlinelibrary.wiley.com/doi/10.1002/cpe.70066
Impact factor: 1.5
JCR: Q3 (COMPUTER SCIENCE, SOFTWARE ENGINEERING)
Open access: no
Citation count: 0
Abstract
In the present systems, recovery from intrusions usually takes much time. Hosted web applications are vulnerable to cyberattacks and may be at risk due to HTTP requests that exploit these vulnerabilities. In this article, we present an approach to recovering web systems from cyberattacks using machine learning approaches. Our approach is called Reconstruct (Recon). Users and administrators of web applications can benefit from the Recon system that helps recover from intrusions while protecting authorized user changes. The recovery mechanism used in Recon involves carrying out the compensation operations to remove the effects of the attack and re-do the subsequently authorized actions. A system administrator can carry out the recovery operation that does not require any changes to be made to the software. In this article, a convolutional neural network is used with long short-term memory to map the requests that the application receives to the database statements executed in the database. Two extensively utilized web applications, that is, WordPress and LimeSurvey, were used to evaluate Recon. According to the findings, it is possible to remove the impact of malicious requests while maintaining legitimate application data with minimum user input at an expense of 1%–2% in throughput, 2.24–3.1 GB/day in storage, and achieving an F1-score of up to 98.56%. The obtained performance results outperform past research studies' performance overhead by up to 20×.
About the journal:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.