Publication

Diversity of network traffic processing to discover attacks and vulnerabilities in Web applications

datacite.subject.fos: Engineering and Technology::Electrical, Electronic and Information Engineering (pt_PT)
dc.contributor.advisor: Medeiros, Ibéria Vitória de Sousa
dc.contributor.advisor: Cogo, Vinicius Vielmo
dc.contributor.author: Branco, Rodrigo Pereira
dc.date.accessioned: 2024-11-26T15:28:36Z
dc.date.available: 2024-11-26T15:28:36Z
dc.date.issued: 2024
dc.date.submitted: 2024
dc.description: Master's thesis, Informatics Engineering, 2024, Universidade de Lisboa, Faculdade de Ciências (pt_PT)
dc.description.abstract: Web applications are essential for accessing online services, but they often suffer from vulnerabilities due to their rapid development and human error. This leaves them susceptible to attacks, necessitating security analysts to manage numerous threats and alerts. However, traditional alerts typically lack detailed information about the nature of attacks, which complicates risk assessment and increases remediation efforts. Network Intrusion Detection Systems (NIDS) are a primary defense against such attacks, using Deep Packet Inspection (DPI) to detect malicious activities by analyzing network traffic packet contents. However, the widespread adoption of HTTPS, which encrypts traffic to ensure confidentiality, hampers NIDS’ effectiveness by obscuring packet contents. This dissertation presents an innovative approach to enhance web application security by detecting and classifying web injection attacks using Natural Language Processing (NLP) and Machine Learning (ML) algorithms. The approach addresses the encrypted network traffic challenge without decrypting their content packets by analyzing network flows (Netflows) and leveraging web server logs. Initially, unsupervised ML algorithms detect anomalous Netflows, and their corresponding contents are further inspected using NLP and supervised ML to classify attacks. A Locality Sensitive Hashing (LSH) algorithm establishes a Similarity Search Engine (SSE) to recognize known web application attacks. Our resulting system focuses on identifying and classifying various web attacks, including SQL Injection (SQLI), Cross-Site Scripting (XSS), Directory Traversal (DT), Template Injection (TI), OS Command Injection (OSCI), CRLF Injection (CRLFI), Code Injection (CI), and XML External Entity (XXE) attacks.
The evaluation performed for the solution demonstrated the feasibility of using the combination of NLP and ML for attack classification, showing that the solution can effectively identify and categorize malicious traffic, improving web application security. This solution can provide valuable information for alert prioritization, assessment, and remediation, benefiting security analysts and enhancing the protection of web applications against sophisticated threats. (pt_PT)
dc.identifier.tid: 203741188
dc.identifier.uri: http://hdl.handle.net/10400.5/95658
dc.language.iso: eng (pt_PT)
dc.relation: H2020-IA-101023666 (pt_PT)
dc.relation: UIDB/00408/2020 (pt_PT)
dc.relation: UIDP/00408/2020 (pt_PT)
dc.subject: Classification of web injection attacks (pt_PT)
dc.subject: Machine learning (pt_PT)
dc.subject: Natural Language Processing (pt_PT)
dc.subject: Locality Sensitive Hashing (pt_PT)
dc.subject: Web application security (pt_PT)
dc.subject: Master's theses - 2024 (pt_PT)
dc.title: Diversity of network traffic processing to discover attacks and vulnerabilities in Web applications (pt_PT)
dc.type: master thesis
dspace.entity.type: Publication
rcaap.rights: openAccess (pt_PT)
rcaap.type: masterThesis (pt_PT)
thesis.degree.name: Master's in Informatics Engineering (pt_PT)

Files

Original bundle
Name: TM_Rodrigo_Branco.pdf
Size: 1.12 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 1.2 KB
Format: Item-specific license agreed upon to submission