TY - GEN
T1 - Anomaly behavior analysis of website vulnerability and security
AU - Satam, Pratik
AU - Kelly, Douglas
AU - Hariri, Salim
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/7/2
Y1 - 2016/7/2
N2 - The world wide web has grown exponentially over the previous decade in terms of its size that is currently over a billion sites, as well as the number of users. In fact, web usage has become pervasive to touch all aspects of our life, economy and education. These rapid advances have also significantly increased the vulnerabilities of websites that are being hacked on a daily basis. According to WhiteHat Security's '2015 Website Security Statistics Report' more than 86% of all websites have one or more critical vulnerability and the likelihood of information leakage is 56%. With no effective website security measures in place, one can expect the website security to be even more critical. The main research goal of this paper is to overcome this challenge by presenting an online anomaly behavior analysis of websites (e.g., HTML files) to detect any malicious codes or pages that have been injected by web attacks. Our anomaly analysis approach utilizes feature selection, data mining, data analytics and statistical techniques to identify accurately the webpage contents that have been compromised or can be exploited by attacks such as phishing attacks, cross-site scripting attacks, HTML injection attacks, malware insertion attacks, just to name a few. We have validated our approach on more than 10,000 files and showed that our approach can detect malicious HTML files with a true positive rate of 99% and a false positive rate of 0.8% for abnormal files.
AB - The world wide web has grown exponentially over the previous decade in terms of its size that is currently over a billion sites, as well as the number of users. In fact, web usage has become pervasive to touch all aspects of our life, economy and education. These rapid advances have also significantly increased the vulnerabilities of websites that are being hacked on a daily basis. According to WhiteHat Security's '2015 Website Security Statistics Report' more than 86% of all websites have one or more critical vulnerability and the likelihood of information leakage is 56%. With no effective website security measures in place, one can expect the website security to be even more critical. The main research goal of this paper is to overcome this challenge by presenting an online anomaly behavior analysis of websites (e.g., HTML files) to detect any malicious codes or pages that have been injected by web attacks. Our anomaly analysis approach utilizes feature selection, data mining, data analytics and statistical techniques to identify accurately the webpage contents that have been compromised or can be exploited by attacks such as phishing attacks, cross-site scripting attacks, HTML injection attacks, malware insertion attacks, just to name a few. We have validated our approach on more than 10,000 files and showed that our approach can detect malicious HTML files with a true positive rate of 99% and a false positive rate of 0.8% for abnormal files.
KW - Data analysis
KW - Decision fusion
KW - Feature extraction
KW - HTML
KW - Machine learning
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85022021543&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85022021543&partnerID=8YFLogxK
U2 - 10.1109/AICCSA.2016.7945697
DO - 10.1109/AICCSA.2016.7945697
M3 - Conference contribution
AN - SCOPUS:85022021543
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
BT - 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications, AICCSA 2016 - Proceedings
PB - IEEE Computer Society
T2 - 13th IEEE/ACS International Conference of Computer Systems and Applications, AICCSA 2016
Y2 - 29 November 2016 through 2 December 2016
ER -