Section: NATURAL SCIENCES

Deception and Continuous Training Approach for Web Attack Detection using Cyber Traps and MLOps

Van-Hau Pham 1, 2, *
Hoang Khoa Nghi 1, 2
Huu Quyen Nguyen 1, 2
Duy The Phan 1, 2
  1. Information Security Laboratory, University of Information Technology, Ho Chi Minh city, Vietnam
  2. Vietnam National University, Ho Chi Minh city, Vietnam
Correspondence to: Van-Hau Pham, Information Security Laboratory, University of Information Technology, Ho Chi Minh city, Vietnam; Vietnam National University, Ho Chi Minh city, Vietnam. Email: haupv@uit.edu.vn.
Volume & Issue: Vol. 26 No. 2 (2023) | Page No.: 2729-2740 | DOI: 10.32508/stdj.v26i2.4044
Published: 2023-06-30

Copyright The Author(s) 2023. This article is published with open access by Vietnam National University, Ho Chi Minh city, Vietnam. This article is distributed under the terms of the Creative Commons Attribution License (CC-BY 4.0) which permits any use, distribution, and reproduction in any medium, provided the original author(s) and the source are credited. 

Abstract

With the growth and expansion of the internet, web attacks have become more powerful and pose a significant threat in the cyber world. In response, this paper presents a deceptive approach for gathering malicious behavior in order to understand the strategies used by web attackers. The harmful requests collected through cyber traps, or honeypots, are analyzed and used to train machine learning (ML) models for web attack detection. Additionally, we implement an ML operations (MLOps) pipeline to automate the continuous training and deployment of these ML models in defensive systems. This pipeline uses predefined triggers to retrain the production model on newly collected data. Our experiments on two datasets, Fwaf and our own, demonstrate that a proactive and continuous approach to tracking adversary behavior can effectively detect zero-day attacks, such as CVE-2022-26134 in web application servers.
