VulnDetector: A Lightweight Machine Learning Approach for Web Payload Vulnerability Detection

Abstract

The increasing reliance on web applications has elevated the risk of malicious attacks such as SQL injection, cross-site scripting (XSS), path traversal, and command injection. Traditional rule-based security systems often fail to detect novel or obfuscated attack patterns, leaving web applications vulnerable. This project proposes VulnDetector, a lightweight machine learning-based vulnerability detection framework that can classify web payloads as safe or potentially malicious with high accuracy.The system leverages a TF-IDF (Term Frequency-Inverse Document Frequency) vectorizer on characterlevel n-grams to extract features from web payloads. A Random Forest Classifier is trained on a curated dataset of safe and malicious inputs, enabling it to learn subtle patterns in payloads. The use of character-level n-grams allows the system to detect attacks even when traditional signatures fail due to minor obfuscation or unusual syntax. VulnDetector is designed with efficiency in mind, allowing rapid predictions suitable for real-time web traffic monitoring. Beyond simple classification, it provides attack-type estimation, categorizing detected payloads as potential XSS, SQL injection, or path traversal attacks. This information aids security teams in understanding and prioritizing threats.The framework is trained initially on a synthetic dataset containing common safe URLs and typical attack payloads. While lightweight, the model is extensible and can be retrained on more extensive datasets for higher accuracy. Joblib serialization is used to save the trained model and vectorizer for reuse, optimizing deployment efficiency.Preliminary testing on sample payloads demonstrates that VulnDetector can correctly classify benign requests while identifying malicious patterns with high confidence. For instance, SQL injection attempts like "' OR 1=1 --" are correctly flagged, while normal search queries are marked safe. The system provides both the probability of maliciousness and the likely attack type, offering a richer context for automated security monitoring. By combining machine learning with simple yet effective preprocessing, VulnDetector addresses the limitations of traditional signature-based systems. It provides a scalable, interpretable, and deployable solution to enhance web application security. Future extensions include integrating additional machine learning algorithms, expanding the dataset with real-world attack payloads, and deploying the tool as a REST API for dynamic monitoring.