NORMA eResearch @NCI Library

SSRF threat detection using AI/ML

Kumthe, Laxmi Bhaskar (2024) SSRF threat detection using AI/ML. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
Preview
PDF (Master of Science)
Download (536kB) | Preview
[thumbnail of Configuration Manual]
Preview
PDF (Configuration Manual)
Download (466kB) | Preview

Abstract

Server-Side Request Forgery (SSRF) vulnerabilities present serious security threats to web applications, allowing attackers to use these applications as gateways to gain unauthorized access to internal services or execute arbitrary commands. Although SSRF was recognized as a distinct threat in the 2021 OWASP Top 10 list of web security risks and has become more common in contemporary web applications, there is still a notable deficiency in systematic methods for detecting these vulnerabilities effectively. In this study, a machine learning model was developed that integrates Randomforest and Convolutional Neural Networks (CNNs) with Long Short-Term Memory (LSTM) networks for detecting Server-Side Request Forgery (SSRF) attacks to analyze and classify attack patterns effectively. The study involved preprocessing a comprehensive dataset, including feature selection and data balancing, to train the CNN-LSTM model, which achieved an accuracy of 99.65%. In comparison, a RandomForest model was also trained, achieving an accuracy of 98.41%. This high level of accuracy underscores the model’s effectiveness in distinguishing between attack and non-attack scenarios. The GUI provides detailed feedback and logs of the entire prediction process, including preprocessing steps and the detection outcomes. An additional feature includes automated email alerts to notify users of detected attacks, enhancing the system's responsiveness.

Item Type: Thesis (Masters)
Supervisors:
Name
Email
Sahni, Vikas
UNSPECIFIED
Uncontrolled Keywords: SSRF; AI/ML; Web application security; RandomForestClassifier; CNNLSTM; SMOTE; Chi2
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QH Natural history > QH301 Biology > Methods of research. Technique. Experimental biology > Data processing. Bioinformatics > Artificial intelligence
Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Artificial intelligence
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Machine learning
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 30 Jul 2025 10:16
Last Modified: 30 Jul 2025 10:16
URI: https://norma.ncirl.ie/id/eprint/8331

Actions (login required)

View Item View Item