The future of web application security: Opportunities and challenges for machine learning-based techniques

Oduleye, Bolanle Eunice

doi:10.2478/ijmce-2026-0002

Abstract

In this paper, the future prospects and potential for machine learning-based solutions in web application security are examined. These include enhancing accuracy and efficiency, real-time detection, scaling, explainable Artificial Intelligence (AI), adversarial machine learning, and automated response. The article also gives a general overview of Machine Learning (ML) methods that are frequently applied to web application security, including supervised learning methods like decision trees, Support Vector Machines (SVMs), and neural networks, unsupervised learning methods like k-means clustering and Principal Component Analysis (PCA), and deep learning methods such as Convolutional Neural Networks (CNNs) and Recurrent Neural Networks (RNNs). The incorporation of machine learning-based approaches into security measures will be more necessary as online applications continue to develop in order to meet new threats.

References

Badawy A.M., Technology management simply defined: A tweet plus two characters, Journal of Engineering and Technology Management, 26(4), 219–224, 2009.
Search in Google Scholar Back to article
Ponnapalli H.K.B., Saxena A., A digital signature architecture for web apps, IT Professional, 15(2), 42–49, 2013.
Search in Google Scholar Back to article
Abomhara M., Køien G.M., Cyber security and the internet of things: vulnerabilities, threats, intruders, and attacks, Journal of Cyber Security and Mobility, 4, 65–88, 2015.
Search in Google Scholar Back to article
Kumar R., Khan A.I., Abushark Y.B., Alam M.M., Agrawal A., Khan R.A., An integrated approach of fuzzy logic, AHP, and TOPSIS for estimating usable-security of web applications, IEEE Access, 8, 50944–50957, 2020.
Search in Google Scholar Back to article
Aydos M., Aldan Ç., Co¸skun E., Soydan A., Security testing of web applications: A systematic mapping of the literature, Journal of King Saud University - Computer and Information Sciences, 34(9), 6775–6792, 2022.
Search in Google Scholar Back to article
Genge B., Kiss I., Haller P., A system dynamics approach for assessing the impact of cyber-attacks on critical infrastructures, International Journal of Critical Infrastructure Protection, 10, 3–17, 2015.
Search in Google Scholar Back to article
Tao F., Akhtar M.S., Jiayuan Z., The future of artificial intelligence in cybersecurity: A comprehensive survey, EAI Endorsed Transactions on Creative Technologies, 8(28), e3, 2021.
Search in Google Scholar Back to article
Alawida M., Omolara A.E., Abiodun O.I., Al-Rajab M., A deeper look into cybersecurity issues in the wake of Covid-19: A survey, Journal of King Saud University–Computer and Information Sciences, 34(10), 8176–8206, 2022.
Search in Google Scholar Back to article
Cui L., Yang S., Chen F., Ming Z., Lu N., Qin J., A survey on application of machine learning for internet of things, International Journal of Machine Learning and Cybernetics, 9, 1399–1417, 2018.
Search in Google Scholar Back to article
Al-Garadi M.A., Mohamed A., Al-Ali A.K., Du X., Ali I., Guizani M., A survey of machine and deep learning methods for internet of things (IoT) security, IEEE Communications Surveys & Tutorials, 22(3), 1646–1685, 2020.
Search in Google Scholar Back to article
Nguyen T.T., Reddi V.J., Deep reinforcement learning for cyber security, IEEE Transactions on Neural Networks and Learning Systems, 34(8), 3779–3795, 2021.
Search in Google Scholar Back to article
Venketeswaran A., Lalam N., Wuenschell J., Ohodnicki P.R., Badar M., Chen K.P., Lu P., Duan Y., Chorpening B., Buric M., Recent advances in machine learning for fiber optic sensor applications, Advanced Intelligent Systems, 4(1), 2100067, 2021.
Search in Google Scholar Back to article
Antoniadi A.M., Du Y., Guendouz Y., Wei L., Mazo C., Becker B.A., Mooney C., Current challenges and future opportunities for XAI in machine learning-based clinical decision support systems: A systematic review, Applied Sciences, 11(11), 5088, 2021.
Search in Google Scholar Back to article
Macas M., Wu C., Fuertes W., A survey on deep learning for cybersecurity: Progress, challenges, and opportunities, Computer Networks, 212, 109032, 2022.
Search in Google Scholar Back to article
Seng L.K., Ithnin N., Said S.Z.M., The approaches to quantify web application security scanners quality: A review, International Journal of Advanced Computer Research, 8(38), 285–312, 2018.
Search in Google Scholar Back to article
https://www.alifconsulting.com/post/azure-vms-security-overview, Accessed: December 6, 2023.
Search in Google Scholar Back to article
Bowen B.M., Hershkop S., Keromytis A.D., Stolfo S.J., Security and Privacy in Communication Networks, (Chapter 3: Baiting inside attackers using decoy documents), Security and Privacy in Communication Networks, 14–18 September 2009, Athens, Greece.
Search in Google Scholar Back to article
AbouTrab M.S., Brockway M., Counsell S., Hierons R.M., Testing real-time embedded systems using timed automata based approaches, Journal of Systems and Software, 86(5), 1209–1223, 2013.
Search in Google Scholar Back to article
Abolfazli S., Sanaei Z., Alizadeh M., Gani A., Xia F., An experimental analysis on cloud-based mobile augmentation in mobile cloud computing, IEEE Transactions on Consumer Electronics, 60(1), 146–154, 2014.
Search in Google Scholar Back to article
Aazam M., Zeadally S., Harras K.A., Deploying fog computing in industrial internet of things and industry 4.0, IEEE Transactions on Industrial Informatics, 14(10), 4674–4682, 2018.
Search in Google Scholar Back to article
Xu L.D., Xu E.L., Li L., Industry 4.0: State of the art and future trends, International Journal of Production Research, 56(8), 2941–2962, 2018.
Search in Google Scholar Back to article
Oztemel E., Gursev S., Literature review of Industry 4.0 and related technologies, Journal of Intelligent Manufacturing, 31, 127–182, 2020.
Search in Google Scholar Back to article
Kaka H., Zhang E., Khan N., Artificial intelligence and deep learning in neuroradiology: Exploring the new frontier, Canadian Association of Radiologists Journal, 72(1), 35–44, 2020.
Search in Google Scholar Back to article
Sönmez F.Ö., Security qualitative metrics for open web application security project compliance, Procedia Computer Science, 151, 998–1003, 2019.
Search in Google Scholar Back to article
Safianu O., Twum F., Hayfron-Acquah J.B., Information system security threats and vulnerabilities: Evaluating the human factor in data protection, International Journal of Computer Applications, 143(5), 8–14, 2016.
Search in Google Scholar Back to article
Appiah V., Asante M., Nti I.K., Nyarko-Boateng O., Survey of websites and web application security threats using vulnerability assessment, Journal of Computer Science, 15(10), 1341–1354, 2019.
Search in Google Scholar Back to article
Althunayyan M., Saxena N., Li S., Gope P., Evaluation of black-box web application security scanners in detecting injection vulnerabilities, Electronics, 11(13), 2049, 2022.
Search in Google Scholar Back to article
Aminanto M.E., Ban T., Isawa R., Takahashi T., Inoue D., Threat alert prioritization using isolation forest and stacked auto encoder with day-forward-chaining analysis, IEEE Access, 8, 217977–217986, 2020.
Search in Google Scholar Back to article
Lin Y.D, Liu Z.Q., Hwang R.H., Nguyen V.L., Lin P.C., Lai Y.C., Machine learning with variational AutoEncoder for imbalanced datasets in intrusion detection, IEEE Access, 10, 15247–15260, 2022.
Search in Google Scholar Back to article
Mirza B., Haroon D., Khan B., Padhani A., Syed T.Q., Deep generative models to counter class imbalance: A modelmetric mapping with proportion calibration methodology, IEEE Access, 9, 55879–55897, 2021.
Search in Google Scholar Back to article
Hashemi S.K., Mirtaheri S.L., Greco S., Fraud detection in banking data by machine learning techniques, IEEE Access, 11, 3034–3043, 2022.
Search in Google Scholar Back to article
D’Alconzo A., Drago I., Morichetta A., Mellia M., Casas P., A survey on big data for network traffic monitoring and analysis, IEEE Transactions on Network and Service Management, 16(3), 800–813, 2019.
Search in Google Scholar Back to article
Natalino C., Schiano M., Giglio A.D., Wosinska L., Furdek M., Experimental study of machine-learning-based detection and identification of physical-layer attacks in optical networks, Journal of Lightwave Technology, 37(16), 4173–4182, 2019.
Search in Google Scholar Back to article
Ray P.P., A survey on internet of things architectures, Journal of King Saud University–Computer and Information Sciences, 30(3), 291–319, 2018.
Search in Google Scholar Back to article
Attaran M., The impact of 5G on the evolution of intelligent automation and industry digitization, Journal of Ambient Intelligence and Humanized Computing, 14(5), 5977–5993, 2023.
Search in Google Scholar Back to article
Alshamrani A., Myneni S., Chowdhary A., Huang D., A survey on advanced persistent threats: Techniques, solutions, challenges, and research opportunities, IEEE Communications Surveys & Tutorials, 21(2), 1851–1877, 2019.
Search in Google Scholar Back to article
Chaabouni N., Mosbah M., Zemmari A., Sauvignac C., Faruki P., Network intrusion detection for IoT security based on learning techniques, IEEE Communications Surveys & Tutorials, 21(3), 2671–2701, 2019.
Search in Google Scholar Back to article
Bolla R., Bruschi R., Davoli F., Cucchietti F., Energy efficiency in the future internet: A survey of existing approaches and trends in energy-aware fixed network infrastructures, IEEE Communications Surveys & Tutorials, 13(2), 223–244, 2010.
Search in Google Scholar Back to article
Negandhi P., Trivedi Y., Mangrulkar R., Emerging Research in Computing, Information, Communication and Applications (Chapter 43: Intrusion detection system using random forest on the NSL-KDD dataset), 27–28 July 2018, Karnataka, India.
Search in Google Scholar Back to article
Sultana N., Chilamkurti N., Peng W., Alhadad R., Survey on SDN based network intrusion detection system using machine learning approaches, Peer-to-Peer Networking and Applications, 12, 493–501, 2019.
Search in Google Scholar Back to article
https://www.opensourceforu.com/2020/05/machine-learning-and-deep-learning-a-perspective-on-the-future/, Accessed: May 13, 2020.
Search in Google Scholar Back to article
Habtamu G.T., Kassahun A.Y., A systematic review of botnet detection system using deep learning and machine learning approaches, SSRN Electronic Journal, 4256438, 1–10, 2022.
Search in Google Scholar Back to article
Boutaba R., Salahuddin M.A., Limam N., Ayoubi S., Shahriar N., Estrada-Solano F., Caicedo O.M., A comprehensive survey on machine learning for networking: Evolution, applications and research opportunities, Journal of Internet Services and Applications, 9(16), 1–99, 2018.
Search in Google Scholar Back to article
Wang M., Cui Y., Wang X., Xiao S., Jiang J., Machine learning for networking: Workflow, advances and opportunities, IEEE Network, 32(2), 92–99, 2017.
Search in Google Scholar Back to article
Bhutani G., Application of machine-learning based prediction techniques in wireless networks, International Journal of Communications Network and System Sciences, 7(5), 131–140, 2014.
Search in Google Scholar Back to article
Usama M., Qadir J., Raza A., Arif H., Yau K.L.A., Elkhatib Y., Unsupervised machine learning for networking: Techniques, applications and research challenges, IEEE Access, 7, 65579–65615, 2019.
Search in Google Scholar Back to article
Fang W., Tan X., Wilbur D., Application of intrusion detection technology in network safety based on machine learning, Safety Science, 124, 104604, 2020.
Search in Google Scholar Back to article
Kulin M., Kazaz T., Poorter E.D., Moerman I., A survey on machine learning-based performance improvement of wireless networks: PHY MAC and network layer, Electronics, 10(3), 318, 2021.
Search in Google Scholar Back to article
Rodrigues J.J.P.C., Neves P.A.C.S., A survey on IP-based wireless sensor network solutions, International Journal of Communication Systems, 23(8), 963–981, 2010.
Search in Google Scholar Back to article
Alzahrani F.A., Fuzzy based decision-making approach for estimating usable-security of healthcare web applications, Computers Materials & Continua, 66(3), 2599–2625, 2021.
Search in Google Scholar Back to article
Olalere M., Abdullah M.T., Mahmod R., Abdullah A., A review of bring your own device on security issues, SAGE Open, 5(2), 1–11, 2015.
Search in Google Scholar Back to article
Ahmad I., Namal S., Ylianttila M., Gurtov A., Security in software defined networks: A survey, IEEE Communications Surveys & Tutorials, 17(4), 2317–2346, 2015.
Search in Google Scholar Back to article
Cerf V.G., The fragmentation of the internet, IEEE Internet Computing, 20(1), 88-c3, 2016.
Search in Google Scholar Back to article
Brar H.S., Kumar G., Cybercrimes: A proposed taxonomy and challenges, Journal of Computer Networks and Communications, 2018(D 1798659), 1–11, 2018.
Search in Google Scholar Back to article
Fonseca O., Cunha Í., Fazzion E., Meira W., Silva B.A.D., Ferreira R.A., Katz-Bassett E., Identifying networks vulnerable to IP spoofing, IEEE Transactions on Network and Service Management, 18(3), 3170–3183, 2021.
Search in Google Scholar Back to article
Toprak S., Yavuz A.G., Web application firewall based on anomaly detection using deep learning, Acta Infologica, 6(2), 219–244, 2022.
Search in Google Scholar Back to article
Patcha A., Park J.M., An overview of anomaly detection techniques: Existing solutions and latest technological trends, Computer Networks, 51(12), 3448–3470, 2007.
Search in Google Scholar Back to article
Praseed A., Thilagam P.S., DDoS attacks at the application layer: Challenges and research perspectives for safeguarding web applications, IEEE Communications Surveys & Tutorials, 21(1), 661–685, 2018.
Search in Google Scholar Back to article
Chang R.K.C., Defending against flooding-based distributed denial-of-service attacks: A tutorial, IEEE Communications Magazine, 40(10), 42–51, 2002.
Search in Google Scholar Back to article
https://global.ptsecurity.com/analytics/cybersecurity-threatscape-2022-rundown, Accessed: April 16, 2024.
Search in Google Scholar Back to article
Alenezi M., Agrawal A., Kumar R., Khan R.A., Evaluating performance of web application security through a fuzzy based hybrid multi-criteria decision-making approach: Design tactics perspective, IEEE Access, 8, 25543–25556, 2020.
Search in Google Scholar Back to article
Iskandar A., Tuasamu M.R.F., Syamsu S., Mansyur M., Listyorini T., Sallu S., Supriyono S., Saddhono K., Napitupulu D., Rahim R., Web based testing application security system using semantic comparison method, IOP Conference Series: Materials Science and Engineering, 420, 012122, 19–20 July 2018, Medan, Indonesia.
Search in Google Scholar Back to article
Chora´s M., Kozik R., Machine learning techniques applied to detect cyber attacks on web applications, Logic Journal of IGPL, 23(1), 45–56, 2014.
Search in Google Scholar Back to article
Santos R.J., Bernardino J., Vieira M., Approaches and challenges in database intrusion detection, SIGMOD Record, 43(3), 36–47, 2014.
Search in Google Scholar Back to article
Alghawazi M., Alghazzawi D., Alarifi S., Detection of SQL injection attack using machine learning techniques: A systematic literature review, Journal of Cybersecurity and Privacy, 2(4), 764–777, 2022.
Search in Google Scholar Back to article
Li X., Xue Y., A survey on server-side approaches to securing web applications, ACM Computing Surveys, 46(4), 1–29, 2014.
Search in Google Scholar Back to article
Sabir B., Ullah F., Babar M.A., Gaire R., Machine learning for detecting data exfiltration: A review, ACM Computing Surveys, 54(3), 1–47, 2021.
Search in Google Scholar Back to article
Chen Z., Liu J., Shen Y., Simsek M., Kantarci B., Mouftah H.T., Djukic P., Machine learning-enabled IoT security: Open issues and challenges under advanced persistent threats, ACM Computing Surveys, 55(5), 1–37, 2022.
Search in Google Scholar Back to article
Ahmetoglu H., Das R., A comprehensive review on detection of cyber-attacks: Data sets, methods, challenges, and future research directions, Internet of Things, 20, 100615, 2022.
Search in Google Scholar Back to article
Zhao J., Masood R., Seneviratne S., A review of computer vision methods in network security, IEEE Communications Surveys & Tutorials, 23(3), 1838–1878, 2021.
Search in Google Scholar Back to article
Melacci S., Ciravegna G., Sotgiu A., Demontis A., Biggio B., Gori M., Roli F., Domain knowledge alleviates adversarial attacks in multi-label classifiers, IEEE Transactions on Pattern Analysis and Machine Intelligence, 44(12), 9944–9959, 2021.
Search in Google Scholar Back to article
Xu M., Zhang T., Li Z., Zhang D., InfoAT: Improving adversarial training using the information bottleneck principle, IEEE Transactions on Neural Networks and Learning Systems, 35(1), 1255–1264, 2022.
Search in Google Scholar Back to article
Yener B., Gal T., Cybersecurity in the era of data science: Examining new adversarial models, IEEE Security & Privacy, 17, 46–53, 2019.
Search in Google Scholar Back to article
Vitorino J., Oliveira N., Praça I., Adaptative perturbation patterns: Realistic adversarial learning for robust intrusion detection, Future Internet, 14(4), 108, 2022.
Search in Google Scholar Back to article
Rajan M., Choksey M., Jose J., Runtime Detection of Time-Delay Security Attack in System-an-chip, 15th IEEE/ACM International Workshop on Network on Chip Architectures, 2 October 2022, Chicago, USA.
Search in Google Scholar Back to article
Rudrabhatla C.K., A quantitative approach for estimating the scaling thresholds and step policies in a distributed microservice architecture, IEEE Access, 8, 180246–180254, 2020.
Search in Google Scholar Back to article

The future of web application security: Opportunities and challenges for machine learning-based techniques

Abstract

Paradigm

My account