The future of web application security: Opportunities and challenges for machine learning-based techniques

Open Access | Jan 2026

Figures & Tables

Fig. 1

ML roles in various industries [41].

Fig. 2

Web security typical architecture [16].

Fig. 3

A brief overview of different types of networking attacks.

Fig. 4

Number of incidents in 2021 and 2022 (by quarter) [60].

Fig. 5

Percentage of incidents involving attacks on web resources in 2021 and 2022 [60].

Fig. 6

Types of data stolen (in successful attacks on organizations) [60].

Fig. 7

Use of spyware in attacks on individuals [60].

Fig. 8

Methods of spyware distribution in successful attacks on individuals [60].

Fig. 9

Distribution of ransomware incidents by industry [60].

Fig. 10

Consequences of ransomware attacks (percentage of successful attacks) [60].

Fig. 11

Share of incidents with the use of social engineering [60].

Fig. 12

Consequences of attacks on IT companies (percentage of successful attacks) [60].

Machine learning algorithms in web application security

| Learning Type | Algorithm | Description |
|---|---|---|
| Supervised | Decision Trees | Simple yet effective techniques that may be applied to classification and regression problems. They operate by repeatedly dividing the data into subgroups depending on the value of a feature until a stopping requirement is satisfied [16, 62, 63]. |
| Supervised | SVMs | Binary classifiers that locate the hyperplane that most effectively distinguishes between the two classes. They can be trained to handle non-linear decision boundaries and are especially helpful for high-dimensional data [63]. |
| Supervised | Neural Network | An ML method fashioned after the human brain. Neural networks are made up of layers of linked neurons, or nodes, that are capable of learning sophisticated representations of the incoming data [16, 62, 63]. |
| Unsupervised | K-means Clustering | A quick and effective technique that divides the data into k groups according to how similar the data points are to one another. It may be applied to finding malicious activity clusters and to anomaly detection [16, 63]. |
| Unsupervised | PCA | A method for lowering the dimensionality of high-dimensional data while maintaining as much of the variance as feasible by projecting it onto a lower-dimensional subspace. |
| Deep Learning | CNNs | Particularly effective for image and video recognition tasks and have been used for detecting malicious behavior in network traffic [63]. |
| Deep Learning | RNNs | Well-suited for sequential data and have been used for detecting attacks that occur over time, such as SQL injection and cross-site scripting [63]. |

Comparing ML and web application security based on the tools, algorithms, applications, and types

| Comparison | ML | Web Application Security |
|---|---|---|
| Tools | Scikit-learn, TensorFlow, PyTorch, Keras, XGBoost, LightGBM, Caffe, Theano, RapidMiner, KNIME, Weka | Web Application Firewalls (WAFs), ModSecurity, OWASP ZAP, Acunetix, Burp Suite, Qualys, Nessus, OWASP Dependency Check, Nikto, AppSpider, Nexpose, Vega, Wireshark, Zed Attack Proxy |
| Algorithms | Support Vector Machines (SVM), Random Forest (RF), Neural Networks (NN), Naive Bayes (NB), K-Nearest Neighbors (KNN), Decision Trees, Gradient Boosting Machine (GBM) | Cross-Site Scripting (XSS) Prevention, SQL Injection Detection, Anomaly Detection, Genetic Algorithms for security optimization |
| Application | Natural Language Processing (NLP), Image Recognition, Fraud Detection, Predictive Maintenance, Recommender Systems, Speech Recognition, Time Series Forecasting | Secure Coding, Authentication, Session Management, Input Validation, API Security, DDoS Detection and Mitigation, Intelligent Bot Protection, Code Review (Static and Dynamic Analysis), Web application security scanning (SAST, DAST), Cryptographic Implementation for Data Protection |
| Type | Supervised Learning, Unsupervised Learning, Reinforcement Learning, Semi-Supervised Learning, Meta-Learning, Self-Supervised Learning | Preventive Measures, Detect and Respond, Secure Software Development Lifecycle (SDLC), Incident Response, Continuous Monitoring, Threat Modeling and Simulation, Content Security Policy (CSP) Implementation |

Future directions in ML-based web application security

| Research Area | Description |
|---|---|
| Improved accuracy and efficiency | One of the biggest challenges facing ML-based web application security techniques is achieving high accuracy while also maintaining efficiency. As algorithms continue to develop and data sets become larger, there may be opportunities to improve the accuracy and efficiency of these techniques. |
| Better integration with existing security measures | ML-based techniques can complement traditional security measures such as firewalls and intrusion detection systems. Future research may focus on finding ways to integrate ML-based techniques with these existing measures to improve overall security. |
| Greater focus on real-time detection | Many current ML-based web application security techniques are designed to detect threats in batch processing mode. However, as attacks become more sophisticated, there is a need for real-time detection and response. Future research may focus on developing real-time detection methods that can quickly identify and respond to potential threats. |
| Improved scalability | As web applications continue to grow in complexity and scale, ML-based techniques must be able to keep up. Future research may focus on developing techniques that can scale to handle larger and more complex web applications. |
| Integration of explainable AI | As ML-based techniques are increasingly adopted in the field of web application security, there is a need for greater transparency and accountability in how these techniques work. Explainable AI, which refers to the ability of algorithms to provide understandable explanations for their decisions, may be a useful tool for achieving greater transparency and accountability. |
| Adversarial ML | Adversarial ML involves designing attacks specifically to fool ML-based algorithms. This is a growing concern in the field of web application security, as attackers may use adversarial ML to circumvent security measures. Future research may focus on developing techniques that are more resistant to adversarial attacks. |
| Automated response | ML-based techniques can also be used to automate responses to security threats. For example, an ML algorithm could automatically block traffic from a particular IP address if it is determined to be malicious. Future research may focus on developing automated response systems that can quickly and effectively respond to potential threats. |

Overview of network protocols and their functions

| Protocol | Level | Description |
|---|---|---|
| TCP/IP | Application, Transport, Internet, Network Access | A protocol with four levels that is still in use. The Network Access level serves as the physical layer. The Internet level, which contains several protocols including the Internet Protocol (IP), is in charge of transferring data for the whole network. The most used protocol for connecting devices to the internet, IPv4, has an addressing system that can only hold a little more than four million addresses. IPv6 can store a greater number of addresses [49]. |
| ICMP | Internet | Gives information about network issues and is used for network diagnostics [27]. |
| ARP | Internet | Employed by IPv4, it converts addresses with a specific number of bits into addresses with a larger number of bits. Functions at layers two and three of the OSI model [27]. |
| DNS | | Converts domain names into IP addresses so that web browsers may access resources. Frequently neglected when it comes to the infrastructure of network security, and out-of-date defenses leave it open to attacks [25]. |
| BGP | | Transmits data over networks and enables routers to learn about IP address blocks and choose effective routes. Has not changed much over time and is open to abuse. Version 4 of BGP, the most recent release, was created in 2006 [4, 50]. |

Language: English
Submitted on: Apr 16, 2024
Accepted on: Nov 28, 2024
Published on: Jan 29, 2026
Published by: Harran University
In partnership with: Paradigm Publishing Services
Publication frequency: 2 issues per year

© 2026 Bolanle Eunice Oduleye, published by Harran University
This work is licensed under the Creative Commons Attribution 4.0 License.

AHEAD OF PRINT