Tools
Tools
Kumthe, Laxmi Bhaskar (2024) SSRF threat detection using AI/ML. Masters thesis, Dublin, National College of Ireland.
Preview |
PDF (Master of Science)
Download (536kB) | Preview |
Preview |
PDF (Configuration Manual)
Download (466kB) | Preview |
Abstract
Server-Side Request Forgery (SSRF) vulnerabilities present serious security threats to web applications, allowing attackers to use these applications as gateways to gain unauthorized access to internal services or execute arbitrary commands. Although SSRF was recognized as a distinct threat in the 2021 OWASP Top 10 list of web security risks and has become more common in contemporary web applications, there is still a notable deficiency in systematic methods for detecting these vulnerabilities effectively. In this study, a machine learning model was developed that integrates Randomforest and Convolutional Neural Networks (CNNs) with Long Short-Term Memory (LSTM) networks for detecting Server-Side Request Forgery (SSRF) attacks to analyze and classify attack patterns effectively. The study involved preprocessing a comprehensive dataset, including feature selection and data balancing, to train the CNN-LSTM model, which achieved an accuracy of 99.65%. In comparison, a RandomForest model was also trained, achieving an accuracy of 98.41%. This high level of accuracy underscores the model’s effectiveness in distinguishing between attack and non-attack scenarios. The GUI provides detailed feedback and logs of the entire prediction process, including preprocessing steps and the detection outcomes. An additional feature includes automated email alerts to notify users of detected attacks, enhancing the system's responsiveness.
Actions (login required)
 |
View Item |