NEURAL NETWORK WORLD, cilt.29, sa.4, ss.189-206, 2019 (SCI-Expanded)
Attacks on web applications and web-based services were conducted using Hyper-Text Transfer Protocol (HTTP), which is also used as the communication protocol of web-based applications. Due to the dynamic structure of web applications and the fact that they have many variables, detection and prevention of web-based attacks are made more difficult. In this study, a hybrid learning-based web application firewall (WAF) model is proposed to prevent web-based attacks, by using signature-based detection (SBD) and anomaly-based detection (ABD). Detection of known web-based attacks is done by using SBD, while detection of anomaly HTTP requests is done by using ABD. Learning-based ABD is implemented by using Artificial Neural Networks (ANN). Thus, an adaptation of the model against zero-day attacks is ensured by learning-based ABD by using ANN. The proposed model is tested by using WAF 2015, CSIC 2010 and ECML-PKDD datasets which are open source datasets. According to the test results, a high mean achievement percentage (96.59%) was obtained. Detection results are also compared to previous studies. After comparison, the proposed model promises higher performance than what the existing studies until now have to offer.