Securing Modern Web Applications Using AI-Driven Static and Dynamic Analysis Techniques
DOI: https://doi.org/10.63282/3050-9262.IJAIDSML-V6I2P108
Keywords: Web Security, Artificial Intelligence, Static Analysis, Dynamic Analysis, Machine Learning, Vulnerability Detection
Abstract
Modern web applications, built for purposes such as banking and social networking, are widely exposed to cyber threats because of weaknesses in application architecture. Incorporating AI into security analysis has been found to be quite effective in addressing these issues. This paper examines how static and dynamic analysis methods driven by artificial intelligence can strengthen the security of today's web applications. We first describe the nature of modern web applications and identify the significant increase in the number and depth of threats. We then provide a comparative analysis of traditional and AI-based methods for detecting vulnerabilities. Static analysis, which examines code without executing it, is discussed in terms of machine learning classifiers and NLP-based code understanding. Dynamic analysis, which observes the behavior of an application while it runs, can rely on reinforcement learning and anomaly detection. We propose a framework that incorporates both approaches and demonstrate it in an actual e-commerce environment. The results suggest an increase in the number of bugs detected, fewer false alarms, and quicker response time. The paper also covers implementation issues such as the lack of datasets, model generalization, and integrating the model into the DevSecOps pipeline. In conclusion, AI-based analysis provides an active and elastic approach to safeguarding web applications against existing and emerging hazards.