A Machine Learning-Based Detection for Parameter Tampering Vulnerabilities in Web Applications Using BERT Embeddings
Guardado en:
| Publicado en: | Symmetry vol. 17, no. 7 (2025), p. 985-1000 |
|---|---|
| Autor principal: | |
| Otros Autores: | |
| Publicado: |
MDPI AG
|
| Materias: | |
| Acceso en línea: | Citation/Abstract Full Text + Graphics Full Text - PDF |
| Etiquetas: |
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3233254152 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2073-8994 | ||
| 024 | 7 | |a 10.3390/sym17070985 |2 doi | |
| 035 | |a 3233254152 | ||
| 045 | 2 | |b d20250101 |b d20251231 | |
| 084 | |a 231635 |2 nlm | ||
| 100 | 1 | |a Yun Sun Young |u Graduate School of Public Policy and IT, Seoul National University of Science and Technology, Seoul 01811, Republic of Korea; juna77@seoultech.ac.kr | |
| 245 | 1 | |a A Machine Learning-Based Detection for Parameter Tampering Vulnerabilities in Web Applications Using BERT Embeddings | |
| 260 | |b MDPI AG |c 2025 | ||
| 513 | |a Journal Article | ||
| 520 | 3 | |a The widespread adoption of web applications has led to a significant increase in the number of automated cyberattacks. Parameter tampering attacks pose a substantial security threat, enabling privilege escalation and unauthorized data exfiltration. Traditional pattern-based detection tools exhibit limited efficacy against such threats, as identical parameters may produce varying response patterns contingent on their processing context, including security filtering mechanisms. This study proposes a machine learning-based detection model to address these limitations by identifying parameter tampering vulnerabilities through a contextual analysis. The training dataset aggregates real-world vulnerability cases collected from web crawls, public vulnerability databases, and penetration testing reports. The Synthetic Minority Over-sampling Technique (SMOTE) was employed to address the data imbalance during training. Recall was adopted as the primary evaluation metric to prioritize the detection of true vulnerabilities. Comparative analysis showed that the XGBoost model demonstrated superior performance and was selected as the detection model. Validation was performed using web URLs with known parameter tampering vulnerabilities, achieving a detection rate of 73.3%, outperforming existing open-source automated tools. The proposed model enhances vulnerability detection by incorporating semantic representations of parameters and their values using BERT embeddings, enabling the system to learn contextual characteristics beyond the capabilities of pattern-based methods. These findings suggest the potential of the proposed method for scalable, efficient, and automated security diagnostics in large-scale web environments. | |
| 653 | |a Forgery | ||
| 653 | |a Machine learning | ||
| 653 | |a Parameter identification | ||
| 653 | |a Accuracy | ||
| 653 | |a Datasets | ||
| 653 | |a Security | ||
| 653 | |a Artificial intelligence | ||
| 653 | |a Applications programs | ||
| 653 | |a Exploitation | ||
| 653 | |a Open source software | ||
| 653 | |a Fraud prevention | ||
| 653 | |a Cybersecurity | ||
| 653 | |a Automation | ||
| 653 | |a Access control | ||
| 700 | 1 | |a Nam-Wook, Cho |u Department of Industrial and Information Systems Engineering, Seoul National University of Science and Technology, Seoul 01811, Republic of Korea | |
| 773 | 0 | |t Symmetry |g vol. 17, no. 7 (2025), p. 985-1000 | |
| 786 | 0 | |d ProQuest |t Engineering Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3233254152/abstract/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text + Graphics |u https://www.proquest.com/docview/3233254152/fulltextwithgraphics/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text - PDF |u https://www.proquest.com/docview/3233254152/fulltextPDF/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |