Detecting Website Defacements Based on Machine Learning Techniques and Attack Signatures

Hoang, Xuan Dau; Nguyen, Ngoc Tuong

doi:10.3390/computers8020035

Cited by 15 publications

(28 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Hoang and Nguyen [18] proposed a hybrid defacement detection model that is designed based on the combination of the ML-based detection and the signature-based detection.…”

Section: Related Workmentioning

confidence: 99%

“…Interestingly, we observed that no studies clearly described how their monitoring cycles are set or should be set. For example, some detection methods [8,11,16,20,21] monitor web pages with a periodic or fixed monitoring cycle without clear explanations, and some works [7,9,10,12,15,18,19] did not even explain in detail about their monitoring method and cycle.…”

Section: Related Workmentioning

confidence: 99%

“…After that, A starts launching its actual intended secondary attacks such as extracting critical information from U or DDoS attacks by using the botnet that consists of many Us (bots) [4]. As shown in Figure 1, existing detection approaches against web defacement attacks can be classified into either server-based detection approach or client-based detection approach [5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21].…”

Section: Introductionmentioning

confidence: 99%

“…On the other hand, in the client-based detection approach [7][8][9][10][11][12][13][14][15][16][17][18][19][20][21], the client-based detection system (D C ) is located outside the server WS and monitors web pages in the WS remotely. D C behaves as a common web user U; D C periodically accesses the WS and collects web pages from the WS.…”

Section: Introductionmentioning

confidence: 99%

“…Meanwhile, most existing researches on client-based detection mainly focused on either proposing new detection methods or improving attack detection accuracy [7][8][9][10][11][12][13][14][15][16][17][18][19][20][21]. Interestingly, to the best of our knowledge based on our extensive survey, there are no studies that explain how frequently their monitoring and detection processes should be performed.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms

Cho

2019

Electronics

View full text Add to dashboard Cite

Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In security research field and practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities of security defense mechanisms and thus avoid the defense systems’ detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats that occur globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey on existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting such vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent web defacement on-off attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).

show abstract

“…Hoang and Nguyen [18] proposed a hybrid defacement detection model that is designed based on the combination of the ML-based detection and the signature-based detection.…”

Section: Related Workmentioning

confidence: 99%