Detecting command injection attacks in web applications based on novel deep learning methods

Detecting command injection attacks in web applications based on novel deep learning methods | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Article Detecting command injection attacks in web applications based on novel deep learning methods Xinyu Wang, Jiqiang Zhai, Hailu Yang This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-4109164/v1 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 26 Oct, 2024 Read the published version in Scientific Reports → Version 1 posted 12 You are reading this latest preprint version Abstract With the continuous advancement of science and technology, while the use of the Internet has brought great convenience to people, it has also aggravated the emergence of network security problems, especially web application security. In the field of web application security, web command injection attacks pose an important security threat, with extremely high levels of harm. Attackers can cause server information leakage or even severe server paralysis by executing relevant malicious commands. As the malicious confusion and number of web application attacks gradually increase, traditional web command injection detection methods have gradually exposed many flaws. These include the model’s feature extraction process being too complex, the model’s poor recognition of malicious code, low recognition efficiency, too high a false positive rate, etc. Under the trend of increasingly serious web security problems, the emergence of artificial intelligence technology has greatly solved network security problems. Therefore, in response to the above problems, we use deep learning technology to propose a new web command injection attack detection model. By combining the relevant features of web command injection attacks, dual CNN convolution channels are used for hybrid feature extraction, the BILSTM network is used to bidirectionally identify the extracted sentence sequence features, and the attention mechanism is combined with the weight distribution of keyword features. We used our model to train and test on two data sets respectively to verify the effectiveness of our proposed feature extraction method and attention mechanism. Experimental results show that our proposed detection method achieves a precision rate of 99.3% and a recall rate of 98.2% in the actual collected dataset. We tested our model on the public HTTP CSIC 2010 dataset, and the experimental results achieved an accuracy of around 99%. Compared with other traditional detections, our proposed model can identify web command injection attacks more effectively. Physical sciences/Mathematics and computing/Computer science Physical sciences/Mathematics and computing/Information technology Physical sciences/Mathematics and computing/Software Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Published Journal Publication published 26 Oct, 2024 Read the published version in Scientific Reports → Version 1 posted Editorial decision: Revision requested 17 Jul, 2024 Reviews received at journal 16 Jul, 2024 Reviewers agreed at journal 30 Jun, 2024 Reviewers agreed at journal 21 May, 2024 Reviews received at journal 20 Apr, 2024 Reviewers agreed at journal 16 Apr, 2024 Reviewers agreed at journal 15 Apr, 2024 Reviewers invited by journal 15 Apr, 2024 Editor assigned by journal 15 Apr, 2024 Editor invited by journal 22 Mar, 2024 Submission checks completed at journal 22 Mar, 2024 First submitted to journal 15 Mar, 2024 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-4109164","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Article","associatedPublications":[],"authors":[{"id":328023017,"identity":"bdd51a1c-fc08-40b6-b812-e76338d03b51","order_by":0,"name":"Xinyu Wang","email":"","orcid":"","institution":"Harbin University of Science and Technology","correspondingAuthor":false,"prefix":"","firstName":"Xinyu","middleName":"","lastName":"Wang","suffix":""},{"id":328023018,"identity":"701de9aa-fdc3-4761-b99b-968fc6fd68e6","order_by":1,"name":"Jiqiang Zhai","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA3klEQVRIie3PMQuCQBTA8ScHthy4viDyK1xboNBXeZO3GDiFe5BDtAf1IYK+gBQ02Ro3NOjSbDQFEanRqrYF3X+64f249wB0ul8MAWIUwIunkVLofkeYSBOvHflkdrPZrlnYq2kWDwOnZ62iU0hmDFY0p1pirA+iWExyPCcTRfwMmBw3tYQhlWTPQfmeIryAwHE9MVHmFbELEpDYNxOO/vsXoeQBiFoQRD+obhkov1gy9njjLfZSbm/4cEZ9JbPr/en2rWhRT8oYAit3FNWmjeNlRl6RTtpqWqfT6f6vF59JSWPiTP3WAAAAAElFTkSuQmCC","orcid":"","institution":"Harbin University of Science and Technology","correspondingAuthor":true,"prefix":"","firstName":"Jiqiang","middleName":"","lastName":"Zhai","suffix":""},{"id":328023019,"identity":"ae885443-5c5f-4e55-ae0b-b0e90f32b6e8","order_by":2,"name":"Hailu Yang","email":"","orcid":"","institution":"Harbin University of Science and Technology","correspondingAuthor":false,"prefix":"","firstName":"Hailu","middleName":"","lastName":"Yang","suffix":""}],"badges":[],"createdAt":"2024-03-15 16:00:34","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-4109164/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-4109164/v1","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.1038/s41598-024-74350-3","type":"published","date":"2024-10-26T15:57:49+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":67681907,"identity":"2d37526c-6618-41d7-af15-5db20c3e12b7","added_by":"auto","created_at":"2024-10-28 16:11:09","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":20691590,"visible":true,"origin":"","legend":"","description":"","filename":"LatexDetectingcommandinjectionattacksinwebapplicationsbasedonnoveldeeplearningmethods.pdf","url":"https://assets-eu.researchsquare.com/files/rs-4109164/v1_covered_c638fcbf-30cd-4df0-999a-1eaf7b62992b.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Detecting command injection attacks in web applications based on novel deep learning methods","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"scientific-reports","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"scirep","sideBox":"Learn more about [Scientific Reports](http://www.nature.com/srep/)","snPcode":"","submissionUrl":"","title":"Scientific Reports","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Scientific Reports","inReviewEnabled":true,"inReviewRevisionsEnabled":true},"keywords":"","lastPublishedDoi":"10.21203/rs.3.rs-4109164/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-4109164/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"With the continuous advancement of science and technology, while the use of the Internet has brought great convenience to people, it has also aggravated the emergence of network security problems, especially web application security. In the field of web application security, web command injection attacks pose an important security threat, with extremely high levels of harm. Attackers can cause server information leakage or even severe server paralysis by executing relevant malicious commands. As the malicious confusion and number of web application attacks gradually increase, traditional web command injection detection methods have gradually exposed many flaws. These include the model’s feature extraction process being too complex, the model’s poor recognition of malicious code, low recognition efficiency, too high a false positive rate, etc. Under the trend of increasingly serious web security problems, the emergence of artificial intelligence technology has greatly solved network security problems. Therefore, in response to the above problems, we use deep learning technology to propose a new web command injection attack detection model. By combining the relevant features of web command injection attacks, dual CNN convolution channels are used for hybrid feature extraction, the BILSTM network is used to bidirectionally identify the extracted sentence sequence features, and the attention mechanism is combined with the weight distribution of keyword features. We used our model to train and test on two data sets respectively to verify the effectiveness of our proposed feature extraction method and attention mechanism. Experimental results show that our proposed detection method achieves a precision rate of 99.3% and a recall rate of 98.2% in the actual collected dataset. We tested our model on the public HTTP CSIC 2010 dataset, and the experimental results achieved an accuracy of around 99%. Compared with other traditional detections, our proposed model can identify web command injection attacks more effectively.","manuscriptTitle":"Detecting command injection attacks in web applications based on novel deep learning methods","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-07-24 09:50:31","doi":"10.21203/rs.3.rs-4109164/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2024-07-17T06:09:06+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-07-16T09:15:53+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"330049887827162395609301313179923400715","date":"2024-07-01T03:59:17+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"325884849130761354606152489362497425947","date":"2024-05-21T07:30:42+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2024-04-20T21:08:31+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"6a52daec-d9ac-4e1c-a4d0-e1b09b9cacd5","date":"2024-04-16T11:11:40+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"6c52cafd-7807-47a0-93eb-4a15b2d7b0e0","date":"2024-04-15T09:55:31+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2024-04-15T08:47:49+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2024-04-15T08:35:36+00:00","index":"","fulltext":""},{"type":"editorInvited","content":"","date":"2024-03-22T16:36:40+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2024-03-22T14:38:17+00:00","index":"","fulltext":""},{"type":"submitted","content":"Scientific Reports","date":"2024-03-15T15:59:08+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"scientific-reports","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"scirep","sideBox":"Learn more about [Scientific Reports](http://www.nature.com/srep/)","snPcode":"","submissionUrl":"","title":"Scientific Reports","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"Scientific Reports","inReviewEnabled":true,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"9b9a3589-a740-4e9b-8535-d349991ecca8","owner":[],"postedDate":"July 24th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[{"id":34717113,"name":"Physical sciences/Mathematics and computing/Computer science"},{"id":34717114,"name":"Physical sciences/Mathematics and computing/Information technology"},{"id":34717115,"name":"Physical sciences/Mathematics and computing/Software"}],"tags":[],"updatedAt":"2024-10-28T16:03:19+00:00","versionOfRecord":{"articleIdentity":"rs-4109164","link":"https://doi.org/10.1038/s41598-024-74350-3","journal":{"identity":"scientific-reports","isVorOnly":false,"title":"Scientific Reports"},"publishedOn":"2024-10-26 15:57:49","publishedOnDateReadable":"October 26th, 2024"},"versionCreatedAt":"2024-07-24 09:50:31","video":"","vorDoi":"10.1038/s41598-024-74350-3","vorDoiUrl":"https://doi.org/10.1038/s41598-024-74350-3","workflowStages":[]},"version":"v1","identity":"rs-4109164","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-4109164","identity":"rs-4109164","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}