Malicious user input detection on web-based attacks with the negative selection algorithm

Karataş, Mustafa Mer
In the cyber security domain, detection and prevention of intrusions is a crucial task. Intrusion attempts exploiting vulnerabilities in an organization’s servers or applications may lead to devastating consequences. The malicious actor may obtain sensitive information from the application, seize database records or take over the servers completely. To protect web applications and services, legitimate user inputs must be distinguished from malicious payloads. Taking inspiration from the Human Immune System (HIS), numerous research studies have applied the behavior of the HIS in protecting the body from malicious pathogens to the problem of intrusion detection. The T-cell is one of the lymphocytes that form the human immune system. The study of Artificial Immune Systems (AIS) applies the self/non-self discrimination of T-cells to computational discrimination problems. The ability to discriminate self (safe) from non-self (malicious) is used to detect malicious activity in a computer or a computer network. The AIS model of interest in this thesis is Negative Selection. The Negative Selection Algorithm is applied to detect malicious user input submitted in HTTP GET parameters. Detection is done through detector strings of varying lengths. Detectors are constructed from randomly chosen n-grams generated from the training dataset. The number of n-grams required to form a detector is sampled from the Poisson distribution. Detection rates, the number of attempts needed to generate a single detector, average detection rates for each detector, the lengths of the detectors and the number of detectors that can be generated over a period of time are calculated and presented.
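The detector-generation loop the abstract describes, as an added sketch that is not the thesis's own code. The substring matching rule, n = 3, the Poisson mean, the minimum of one n-gram per detector, drawing n-grams from a training set that mixes benign and malicious values, and all sample values are assumptions made here for illustration.

```python
import math
import random

def ngrams(s, n):
    return [s[i:i + n] for i in range(len(s) - n + 1)]

def poisson(rng, lam):
    # Knuth's multiplication method; the standard library has no Poisson sampler.
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def matches(detector, value):
    # Assumed matching rule: the detector occurs as a substring of the value.
    return detector in value

def generate_detectors(self_set, training, count, n=3, lam=1.0, seed=7,
                       max_attempts=10000):
    rng = random.Random(seed)
    pool = sorted({g for s in training for g in ngrams(s, n)})
    detectors, attempts_each, attempts, total = [], [], 0, 0
    while len(detectors) < count and total < max_attempts:
        total += 1
        attempts += 1
        k = max(1, poisson(rng, lam))          # number of n-grams to join
        cand = "".join(rng.choice(pool) for _ in range(k))
        # Negative selection: discard any candidate that matches self.
        if cand in detectors or any(matches(cand, s) for s in self_set):
            continue
        detectors.append(cand)
        attempts_each.append(attempts)         # attempts spent on this detector
        attempts = 0
    return detectors, attempts_each

def is_malicious(value, detectors):
    return any(matches(d, value) for d in detectors)

# Constructed GET parameter values (not from the thesis dataset).
SELF = ["john.smith", "blue shoes", "2021-05-01", "order-42"]
NONSELF = ["' OR '1'='1", "<script>alert(1)</script>", "../../etc/passwd"]
DETECTORS, ATTEMPTS = generate_detectors(SELF, SELF + NONSELF, count=20)

if __name__ == "__main__":
    hits = sum(is_malicious(v, DETECTORS) for v in NONSELF)
    print("detector lengths:", sorted({len(d) for d in DETECTORS}))
    print("mean attempts per detector:", sum(ATTEMPTS) / len(ATTEMPTS))
    print("non-self flagged:", hits, "of", len(NONSELF))
```

Because candidates are censored only against the self set, the false-positive rate on unseen benign input depends on how well that set covers legitimate traffic.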