Anomaly behavior analysis of website vulnerability and security

Pratik Satam, Douglas Kelly, Salim Hariri

Research output: ResearchConference contribution

Abstract

The world wide web has grown exponentially over the previous decade in terms of its size that is currently over a billion sties, as well as the number of users. In fact, web usage has become pervasive to touch all aspects of our life, economy and education. These rapid advances have also significantly increase the vulnerabilities of websites that are being hacked on a daily basis. According to White Hat security's '2015 Website Security Statistics Report' more than 86% of all websites have one or more critical vulnerability and the likelihood of information leakage is 56%. With no effective website security measures in place, one can expect the website security to be even more critical. The main research goal of this paper is to overcome this challenge by presenting an online anomaly behavior analysis of websites (e.g., HTML files) to detect any malicious codes or pages that have been injected by web attacks. Our anomaly analysis approach utilizes feature selection, data mining, data analytics and statistical techniques to identify accurately the webpage contents that have been compromised or can be exploited by attacks such as phishing attacks, cross site scripting attacks, html injection attacks, malware insertion attacks, just to name a few. We have validated our approach on more than 10,000 files and showed that our approach can detect malicious HTML files with a true positive rate of 99% and a false positive rate of 0.8% for abnormal files.

LanguageEnglish (US)
Title of host publication2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings
PublisherIEEE Computer Society
ISBN (Electronic)9781509043200
DOIs
StatePublished - Jun 9 2017
Event13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016 - Agadir, Morocco
Duration: Nov 29 2016Dec 2 2016

Other

Other13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016
CountryMorocco
CityAgadir
Period11/29/1612/2/16

Fingerprint

Websites
HTML
World Wide Web
Data mining
Feature extraction
Education
Statistics
Malware

Keywords

  • Data analysis
  • Deision fusion
  • Feature extraction
  • HTMl
  • Machine learning
  • Static analysis

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this

Satam, P., Kelly, D., & Hariri, S. (2017). Anomaly behavior analysis of website vulnerability and security. In 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings [7945697] IEEE Computer Society. DOI: 10.1109/AICCSA.2016.7945697

Anomaly behavior analysis of website vulnerability and security. / Satam, Pratik; Kelly, Douglas; Hariri, Salim.

2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings. IEEE Computer Society, 2017. 7945697.

Research output: ResearchConference contribution

Satam, P, Kelly, D & Hariri, S 2017, Anomaly behavior analysis of website vulnerability and security. in 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings., 7945697, IEEE Computer Society, 13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016, Agadir, Morocco, 11/29/16. DOI: 10.1109/AICCSA.2016.7945697
Satam P, Kelly D, Hariri S. Anomaly behavior analysis of website vulnerability and security. In 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings. IEEE Computer Society. 2017. 7945697. Available from, DOI: 10.1109/AICCSA.2016.7945697
Satam, Pratik ; Kelly, Douglas ; Hariri, Salim. / Anomaly behavior analysis of website vulnerability and security. 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings. IEEE Computer Society, 2017.
@inbook{681e584434db415a8892397d540823f2,
title = "Anomaly behavior analysis of website vulnerability and security",
abstract = "The world wide web has grown exponentially over the previous decade in terms of its size that is currently over a billion sties, as well as the number of users. In fact, web usage has become pervasive to touch all aspects of our life, economy and education. These rapid advances have also significantly increase the vulnerabilities of websites that are being hacked on a daily basis. According to White Hat security's '2015 Website Security Statistics Report' more than 86% of all websites have one or more critical vulnerability and the likelihood of information leakage is 56%. With no effective website security measures in place, one can expect the website security to be even more critical. The main research goal of this paper is to overcome this challenge by presenting an online anomaly behavior analysis of websites (e.g., HTML files) to detect any malicious codes or pages that have been injected by web attacks. Our anomaly analysis approach utilizes feature selection, data mining, data analytics and statistical techniques to identify accurately the webpage contents that have been compromised or can be exploited by attacks such as phishing attacks, cross site scripting attacks, html injection attacks, malware insertion attacks, just to name a few. We have validated our approach on more than 10,000 files and showed that our approach can detect malicious HTML files with a true positive rate of 99% and a false positive rate of 0.8% for abnormal files.",
keywords = "Data analysis, Deision fusion, Feature extraction, HTMl, Machine learning, Static analysis",
author = "Pratik Satam and Douglas Kelly and Salim Hariri",
year = "2017",
month = "6",
doi = "10.1109/AICCSA.2016.7945697",
booktitle = "2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings",
publisher = "IEEE Computer Society",

}

TY - CHAP

T1 - Anomaly behavior analysis of website vulnerability and security

AU - Satam,Pratik

AU - Kelly,Douglas

AU - Hariri,Salim

PY - 2017/6/9

Y1 - 2017/6/9

N2 - The world wide web has grown exponentially over the previous decade in terms of its size that is currently over a billion sties, as well as the number of users. In fact, web usage has become pervasive to touch all aspects of our life, economy and education. These rapid advances have also significantly increase the vulnerabilities of websites that are being hacked on a daily basis. According to White Hat security's '2015 Website Security Statistics Report' more than 86% of all websites have one or more critical vulnerability and the likelihood of information leakage is 56%. With no effective website security measures in place, one can expect the website security to be even more critical. The main research goal of this paper is to overcome this challenge by presenting an online anomaly behavior analysis of websites (e.g., HTML files) to detect any malicious codes or pages that have been injected by web attacks. Our anomaly analysis approach utilizes feature selection, data mining, data analytics and statistical techniques to identify accurately the webpage contents that have been compromised or can be exploited by attacks such as phishing attacks, cross site scripting attacks, html injection attacks, malware insertion attacks, just to name a few. We have validated our approach on more than 10,000 files and showed that our approach can detect malicious HTML files with a true positive rate of 99% and a false positive rate of 0.8% for abnormal files.

AB - The world wide web has grown exponentially over the previous decade in terms of its size that is currently over a billion sties, as well as the number of users. In fact, web usage has become pervasive to touch all aspects of our life, economy and education. These rapid advances have also significantly increase the vulnerabilities of websites that are being hacked on a daily basis. According to White Hat security's '2015 Website Security Statistics Report' more than 86% of all websites have one or more critical vulnerability and the likelihood of information leakage is 56%. With no effective website security measures in place, one can expect the website security to be even more critical. The main research goal of this paper is to overcome this challenge by presenting an online anomaly behavior analysis of websites (e.g., HTML files) to detect any malicious codes or pages that have been injected by web attacks. Our anomaly analysis approach utilizes feature selection, data mining, data analytics and statistical techniques to identify accurately the webpage contents that have been compromised or can be exploited by attacks such as phishing attacks, cross site scripting attacks, html injection attacks, malware insertion attacks, just to name a few. We have validated our approach on more than 10,000 files and showed that our approach can detect malicious HTML files with a true positive rate of 99% and a false positive rate of 0.8% for abnormal files.

KW - Data analysis

KW - Deision fusion

KW - Feature extraction

KW - HTMl

KW - Machine learning

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=85022021543&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85022021543&partnerID=8YFLogxK

U2 - 10.1109/AICCSA.2016.7945697

DO - 10.1109/AICCSA.2016.7945697

M3 - Conference contribution

BT - 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings

PB - IEEE Computer Society

ER -