Affiliation:
1. “Gheorghe Asachi” Technical University of Iași , Faculty of Automatic Control and Computer Science
Abstract
Abstract
Designing a security solution should rely on having a good knowledge of the protected assets and better develop active responses rather than focus on reactive ones. We argue and prove that malicious activities such as vulnerabilities exploitation and (D)DoS on Web applications can be detected during their respective initial phases. While they may seem distinct, both attack scenarios are observable through abnormal access patterns. Following on this remark, we first analyze Web access logs using association rule mining techniques and identify these malicious traces. This new description of the historical data is then correlated with Web site structure information and mapped over trie data structures. The resulted trie is then used for every new incoming request and we thus identify whether the access pattern is legitimate or not. The results we obtained using this proactive approach show that the potential attacker is denied the required information for orchestrating successful assaults.
Reference25 articles.
1. Agrawal R., Srikant R., Fast Algorithms for Mining Association Rules in Large Databases, In Proceedings of the 20th International Conference on Very Large Data Bases, VLDB ’94, Morgan Kaufmann Publishers Inc, San Francisco, CA, USA, 487-499.
2. Barrett M., Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, NIST Cybersecurity Framework, 2018 (available online, https://doi.org/10.6028/NIST.CSWP.04162018, last accessed: October 2021).
3. Dasgupta D., Akhtar Z., Sen S., Machine Learning in Cybersecurity: A Comprehensive Survey, The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 19, 1, 57-106 (2020).10.1177/1548512920951275
4. Dean J., Ghemawat S., MapReduce: Simplified Data Processing on Large Clusters, Commun. Association for Computing Machinery, New York, NY, USA, 51, 1, 107-113 (2008).10.1145/1327452.1327492
5. Fielding R.T., Reschke J., Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content, RFC 7231, ISSN: 2070-1721, June 2014.10.17487/rfc7231