Predicting Web Vulnerabilities in Web Applications Based on Machine Learning


Abstract

Building a secure website is a time-consuming, expensive and challenging task for web developers. Researchers are introducing different web vulnerability prediction models to identify webpage sinks on which to focus security efforts, as this helps to reduce the time and money needed to secure a web application. Some of the well-known web vulnerabilities are SQL Injection, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Existing vulnerability prediction models employ different machine learning methods to prevent vulnerable components in web applications. However, the majority of these methods cannot address all web vulnerabilities. Therefore, this paper proposes a method, NMPREDICTOR, to predict vulnerable files in a website, treating vulnerability prediction as a classification problem of predicting legitimate or vulnerable code. In addition, it is an effort to apply classification with different machine learning classifiers to judge the elimination of vulnerable components. Numerous experiments have been conducted in our study to evaluate the performance of our proposed model. Through our proposed method, we have built 6 classifiers on a training set of labeled files represented by their software metrics and text features. Additionally, we build a meta classifier, which combines the six underlying classifiers, i.e. J48, Naive Bayes and Random Forest. NMPREDICTOR is evaluated on datasets of three web applications, which offer 223 superior-quality vulnerabilities found in phpMyAdmin, Moodle and Drupal. Our proposed method clearly has an advantage over the results of existing studies in the case of Drupal, phpMyAdmin and Moodle.

Cite

Khalid, M. N., Farooq, H., Iqbal, M., Alam, M. T., & Rasheed, K. (2019). Predicting Web Vulnerabilities in Web Applications Based on Machine Learning. In Communications in Computer and Information Science (Vol. 932, pp. 473–484). Springer Verlag. https://doi.org/10.1007/978-981-13-6052-7_41