Técnicas de aprendizaje automático aplicadas a la mejora de detección de ataques en aplicaciones Web

Resum

Application portals and web services are often one of the gateways for launching attacks and other types of malicious activities against companies and various types of entities. From banks to e-commerce sites, healthcare systems infrastructures, judicial systems, etc., the potential economic, reputational, information leakage and other types of damage caused not only to organizations, but also to legitimate users of web applications and services by an attack, are incalculable. In an effort to provide an additional layer of protection against this type of attacks, there has been abundant research on web protection techniques: from a more classical approach based on protection rules that need to be constantly updated to techniques based on anomaly detection, the number of studies on anomaly detection techniques is increasing. With this thesis, we aim to contribute to strengthen the knowledge on anomaly detection techniques through three articles that provide knowledge to the scientific community through the first systematic literature review of anomaly detection techniques applied to web application protection. Subsequently, a new methodology for the objective comparison of web protection tools is proposed, demonstrating its applicability by comparing different WAF and RASP tools. Finally, a new multi-label dataset is provided to the scientific community to train new classification model designs capable of identifying web attacks by means of CAPEC attack patterns.