Table 3. Feature tokens used for malicious request detection: the badword list and the special-character sequences extracted from each request, per attack type (XSS, cross-site scripting; SQL, SQL injection; OSC, OS command injection; LFI, local file inclusion).

| Attack type | Badwords list | Special characters |
|---|---|---|
| XSS | script, alert, onload, string, fromcharcode, meta, input, type, button, action, iframe, javascript, onmouseover, document, onerror, confirm, formaction, newline, tab, svg, onafterprint, onbeforeprint, onbeforeunload, onhashchange, onmessage, ononline, onoffline, onpagehide, onpageshow, onpopstate, onresize, onstorage, onunload, onblur, onchange, oncontextmenu, oninput, oninvalid, onreset, onsearch, onselect, onsubmit, onkeydown, onkeypress, onkeyup, onclick, ondblclick, onmousedown, onmousemove, onmouseout, onmouseup, onmousewheel, onwheel, ondrag, ondragend, ondragenter, ondragleave, ondragover, ondragstart, ondrop, onscroll, oncopy, oncut, onpaste, onabort, oncanplay, oncanplaythrough, oncuechange, ondurationchange, onemptied, onended, onloadeddata, onloadedmetadata, onloadstart, onpause, onplay, onplaying, onprogress, onratechange, onseeked, onseeking, onstalled, onsuspend, ontimeupdate, onvolumechange, onwaiting, onshow, ontoggle, prompt, src, body, object, title, frameset, style, applet, xml, div, table, base, xss, classid, import, namespace | `<`, `>`, `-`, `#`, `*`, `;`, `"` |
| SQL | or, and, like, having, where, injectx, order, order by, rlike, select, case, when, drop, union, group by, limit, system_user, table_schema, table_name, from, information_schema, tables, substring, sysserverse, sysusers, xp_cmdshell, backup, database, create, table, insert, null, exec, sp_addlogin, sp_addsrvrolemember, sysadmin, mysql.user, connect, char, waitfor, delay, pg_sleep, hex, delete, sleep, nvarchar, benchmark, md5, print, objectclass, sqlvuln, members, load_file, sqlattempt2, nslookup, begin, bfilename, replace, count, tabname, syscolumns, selectchar, convert | `*`, `--`, `——`, `&&`, `__`, `/*`, `@`, `'` |
| OSC | type, necho, usr, bin, whoami, ipconfig, system, cat, phpinfo, exec, phpversion, pwd, eval, echo, sleep, curl, wget, which, netstat, dir, uname, nid, perl, systeminfo, reg, print, netsh, hexdec, dechex, sysinfo, net, cmd, server, route, ping, ifconfig | `--`, `—`, `&&`, `$`, `<`, `>`, `!` |
| LFI | etc, passwd, zxrj, l3bhc3n3za==, li4v, shadow, aliases, anacrontab, apache2, at.allow, at.deny, bashrc, bootptab, hosts, httpd, opt, proc, root, usr, lib, local, sbin, var, adm, mysql, atfp_history, bash, ssh, boot.ini, c:\, localstart.asp, apache, volumes, c:/, desktop.ini, programfiles, xampp, bin, winnt, conf, cmdline, nginx, database, hostname | `../`, `..\\`, `.\\.`, `..\\..`, `....\\`, `..../` |

Note that several LFI tokens are lower-cased Base64 fragments of common path payloads (zxrj is "etc", li4v is "../", l3bhc3n3za== is "/passwd"), and tokens such as necho and nid are the newline-prefixed commands (`\necho`, `\nid`) used in command-injection payloads, so the lists catch encoded as well as plain forms.
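The following is an added example, not code from the paper, showing how feature tokens of this kind are extracted from a raw request and turned into a per-class feature count. The matching rules are assumptions made here: the request is URL-decoded twice (so double-encoded payloads are seen), lower-cased, badwords are matched as whole words, special-character sequences as substrings, and a request is labelled with the class that fires the most distinct features once at least two fire (the paper feeds the features to a trained classifier rather than using a fixed threshold). Only a subset of each badword list is embedded, the dash glyphs of the table are taken as `--`, and the sample requests are constructed for the example.

```python
"""Feature extraction over HTTP request strings using Table 3 style token lists.

Added example (not the paper's code). Assumptions: double URL-decoding,
lower-casing, whole-word badword matching, substring special-sequence matching,
and an argmax-with-threshold decision instead of the paper's trained classifier.
"""
import re
from urllib.parse import unquote_plus

# Subsets of the Table 3 badword lists (the full lists are in the table above).
BADWORDS = {
    "XSS": ["script", "alert", "onload", "onerror", "iframe", "javascript", "svg", "src", "title"],
    "SQL": ["or", "and", "select", "union", "from", "where", "order by", "sleep",
            "information_schema", "xp_cmdshell", "load_file"],
    "OSC": ["cat", "whoami", "wget", "curl", "ping", "uname", "cmd", "echo", "sleep"],
    "LFI": ["etc", "passwd", "shadow", "proc", "boot.ini", "c:\\", "c:/", "li4v"],
}

# Special-character sequences of Table 3 (dash glyphs read as "--"; assumption).
SPECIAL = {
    "XSS": ["<", ">", "-", "#", "*", ";", '"'],
    "SQL": ["*", "--", "&&", "__", "/*", "@", "'"],
    "OSC": ["--", "&&", "$", "<", ">", "!"],
    "LFI": ["../", "..\\", ".\\.", "..\\..", "....\\", "..../"],
}

MIN_FEATURES = 2  # assumed decision threshold for this example


def _word_pattern(token):
    """Whole-word regex for a badword; boundaries only where the token edge is alphanumeric,
    so tokens like 'c:\\' still match 'c:\\windows' while 'or' does not match 'order'."""
    pat = re.escape(token)
    if token[0].isalnum() or token[0] == "_":
        pat = r"(?<![a-z0-9_])" + pat
    if token[-1].isalnum() or token[-1] == "_":
        pat = pat + r"(?![a-z0-9_])"
    return re.compile(pat)


_PATTERNS = {cls: [(t, _word_pattern(t)) for t in toks] for cls, toks in BADWORDS.items()}


def normalise(request):
    """URL-decode twice and lower-case so %3C, %253C and <, or ScRiPt and script, look alike."""
    return unquote_plus(unquote_plus(request)).lower()


def extract_features(request):
    """Return {class: {"badwords": [...], "special": [...]}} listing the distinct features that fired."""
    text = normalise(request)
    feats = {}
    for cls in BADWORDS:
        words = [t for t, p in _PATTERNS[cls] if p.search(text)]
        specials = [s for s in SPECIAL[cls] if s in text]
        feats[cls] = {"badwords": words, "special": specials}
    return feats


def classify(request):
    """Label the request with the highest-scoring class, or 'benign' below the threshold."""
    feats = extract_features(request)
    scores = {cls: len(f["badwords"]) + len(f["special"]) for cls, f in feats.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] >= MIN_FEATURES else "benign"


# Constructed sample requests (not from the paper's dataset).
SAMPLES = [
    "/products?category=books&page=2",
    "/index.php?title=Hello",
    "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "/search?q=%253Cscript%253Ealert(1)%253C/script%253E",
    "/item?id=1%20UNION%20SELECT%20user,password%20FROM%20users--",
    "/cgi-bin/ping?host=127.0.0.1&&whoami",
    "/download?file=..%2F..%2F..%2Fetc%2Fpasswd",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):7s} {s}")
```

Running the block labels the first two samples benign (a single common word such as "title" is not enough on its own), the two script payloads XSS (the double-encoded one only because of the second decoding pass), and the remaining three SQL, OSC and LFI respectively; the `--` and `&&` sequences are shared between classes, which is why the badword hits, not the special characters alone, decide the label.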