Malicious user input detection on web-based attacks with the negative selection algorithm

Karataş, Mustafa Mer
In the cyber security domain, detection and prevention of intrusions is a crucial task. Intrusion attempts exploiting vulnerabilities in an organization’s servers or applications may lead to devastating consequences. The malicious actor may obtain sensitive information from the application, seize database records or take over the servers completely. While protecting web applications/services, discrimination of legitimate user inputs from malicious payloads must be done. Taking inspiration from the Human Immune System (HIS), numerous research studies have been conducted, where the HIS’ behavior while protecting the body from the malicious pathogens is applied to the problem of intrusion detection. The T-cell is one of the lymphocytes that form the human immune system. The study of Artificial Immune Systems (AIS), applies the self/non-self discrimination of T-cells to computational discrimination problems. The ability to discriminate self (safe) from non-self (malicious) is used for the detection of any malicious activity in a computer, or a computer network. The AIS model of interest in this thesis is Negative Selection. Negative Selection Algorithm is applied to detect malicious user input that is submitted in HTTP GET parameters. Detection is done through detector strings with varying lengths. Detectors are constructed with randomly chosen n-grams generated from the training dataset. The number of n-grams required to form a detector is sampled from the Poisson distribution. Detection rates, number of attempts needed for generating a single detector, average detection rates for each detector, the lengths of the detectors and the number of detectors that can be generated over a course of time are calculated and presented.


Increasing trustworthiness of security critical applications using trusted computing
Uzunay, Yusuf; Baykal, Nazife; Bıçakcı, Kemal; Department of Information Systems (2014)
In this thesis work, we aim to increase the trustworthiness of security critical applications by utilizing trusted computing technologies. We focus on two case applications; authentication proxy systems and e-voting systems. Our first case application is authentication proxy systems which store users’ sensitive credentials and submit them to the servers of the service providers on their behalf. To increase the trustworthiness of authentication proxy systems, we propose Trust-in-the-Middle a trusted platform...
Application of subspace clustering to scalable malware clustering
Işıktaş, Fatih; Betin Can, Aysu; Department of Information Systems (2019)
In recent years, massive proliferation of malware variants has made it necessary to employ sophisticated clustering techniques in malware analysis. Choosing an appropriate clustering approach is very important especially for rapidly and accurately mining clustering information from a large malware set with high number of attributes. In this study, we propose a clustering method that is based on subspace clustering and graph matching techniques and presents an enhanced clustering ability and scalable runtime...
Security of certificate-based protocols: focus on server authentication
Baran, Selim; Özbudak, Ferruh; Selçuk, Ali Aydın; Department of Cryptography (2015)
Today, secure communication channels are mostly set up via certificate-based protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Although they have been used for years and in so many areas, from e-commerce and internet banking to secure channel needs in military, there have been several attacks on their security model, which forced researchers to make studies on them. In this thesis, we will explain their security model, the vulnerabilities discovered so far, the precautions fo...
Detecting malicious behavior in binary programs using dynamic symbolic execution and API call sequences
Tatar, Fatih Tamer; Betin Can, Aysu; Department of Bioinformatics (2021-6)
Program analysis becomes an important part of malware detection as malware become stealthier and more complex. For example, modern malware may detect whether they are under analysis and they may use certain triggers such as time to avoid detection. However, current detection techniques turn out to be insufficient as they have limitations to detect new, obfuscated, and intelligent malware. In this thesis, we propose a behavior based malware detection methodology using API call sequence analysis. In our metho...
Virtual penetration testing with phase based vulnerability analysis
Çalışkan, Emre; Baykal, Nazife; Department of Information Systems (2015)
Vulnerability scanning, penetration testing, and manual auditing are ways of finding vulnerabilities in organizations. However, they have some limitations like time, accuracy, testers’ ability, etc. Virtual penetration testing aims to alleviate these limitations. By virtual penetration testing, it is intended to assess security controls corresponding to the vulnerabilities found by vulnerability scanning, and correlating assessment result with vulnerabilities. Consequently, correlation will enable to find e...
Citation Formats
M. M. Karataş, “Malicious user input detection on web-based attacks with the negative selection algorithm,” Thesis (M.S.) -- Graduate School of Informatics. Cyber Security., Middle East Technical University, 2019.