Showing total 2 results

1. Early web application attack detection using network traffic analysis.

Author

Rajić, Branislav, Stanisavljević, Žarko, and Vuletić, Pavle

Subjects

WEB-based user interfaces, SUPERVISED learning, MACHINE learning, HTTP (Computer network protocol), INTERNET traffic, TRAFFIC monitoring, COMPUTER networks, SCANNING systems

Abstract

The number of deployed web applications and the number of web-based attacks in the last decade are constantly increasing. One group of tools that gained the attention of cyber security specialists are Dynamic Application Security Testing (DAST) tools, which is used to assess the security posture of web applications. DAST tools have similar purpose for web applications as network scanners and mappers have for local networks and computers—to scan web applications, enumerate as much as possible information from them and this way potentially reveal existing vulnerabilities. The tools are not only used by security analysts but also by the attackers in the reconnaissance and enumeration phases of the attack. This paper analyses DAST tools' network behaviour patterns, characteristic features that distinguish them from other traffic and methods to detect their operation using classical supervised machine learning methods. Unlike most of the work related to web application security and web application attack detection, which relies on HTTP logs, the research presented here is based on network traffic traces and flow statistics. This allows malicious scanning detection on the network traffic path even in the case of encrypted web traffic. Experimental results show that an accurate and reliable detection of four analysed DAST tools, ZAP, Nikto, Vega and Arachni, is possible. Flow classification of the existing DAST tools has high precision because DAST tools still do not deploy any mechanisms to hide their operation and mimic web application browsing by human users. Additionally, the paper contains an analysis of fast malicious behaviour detection through an analysis of the detection of malicious behaviour, while the flows are still active. The experimental results show that it is possible to detect malicious behaviour with a relatively high accuracy after only 15 packets in a flow. [ABSTRACT FROM AUTHOR]

Published

2023

2. Machine learning approach to vulnerability detection in OAuth 2.0 authentication and authorization flow.

Author

Munonye, Kindson and Péter, Martinek

Subjects

MACHINE learning, WEB-based user interfaces, SUPERVISED learning

Abstract

Technologies for integrating enterprise web applications have improved rapidly over the years. The OAuth framework provides authentication and authorization using the users' profile and credentials in an existing identity provider. This makes it possible for attackers to exploit any vulnerability arising from exchange of data with the provider. Vulnerability in OAuth authorization flow allows an attacker to alter the normal flow sequence of the OAuth protocol. In this paper, a machine learning-based approach was applied in the detection of potential vulnerability in the OAuth authentication and authorization flow by analyzing the relationship between changes in the OAuth parameters and the final output. This research models the OAuth protocol as a supervised learning problem where seven classification models were developed, tuned and evaluated. Exploratory Data Analytics (EDA) techniques were applied in the extraction and analysis of specific OAuth features so that each output class could be evaluated to determine the effect of the identified OAuth features. The models developed in this research were trained, tuned and tested. A performance accuracy above 90% was attained for detection of vulnerabilities in the OAuth authentication and authorization flow. Comparison with known vulnerability resulted in a 54% match. [ABSTRACT FROM AUTHOR]

Published

2022