Exploring the Application of Process Mining Techniques to Improve Web Application Security

被引:0
|
作者
Bruno, Marcelo [1 ]
Ibanez, Pablo [1 ]
Techera, Tamara [1 ]
Calegari, Daniel [1 ]
Betarte, Gustavo [1 ]
机构
[1] Univ Republica, Fac Ingn, Inst Comp, Montevideo 11300, Uruguay
来源
2021 XLVII LATIN AMERICAN COMPUTING CONFERENCE (CLEI 2021) | 2021年
关键词
Security; web applications; process mining; web application firewall; ModSecurity; ProM; CHECKING;
D O I
10.1109/CLEI53233.2021.9640192
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Web applications are permanently being exposed to attacks that exploit their vulnerabilities. To detect and prevent misuse of the functionality provided by an application, it has become necessary to develop techniques that help discern between a valid user of the system and a malicious agent. In recent years, a technology that has been widely deployed to provide automated and non-invasive support for detecting web application attacks is Web Application Firewalls. In this work, we put forward and discuss the application of Process Mining techniques to detect deviations from the expected behavior of web applications. The objects of behavior analysis are logs generated by a widely deployed WAF called ModSecurity. We discuss experiments we have carried out applying our mining method on the well-known e-commerce platform Magento and using the ProM tool for the execution of the process mining techniques.
引用
收藏
页数:10
相关论文
共 50 条
  • [1] Process Mining Techniques: an Application to Stroke Care
    Mans, Ronny
    Schonenberg, Helen
    Leonardi, Giorgio
    Panzarasa, Silvia
    Cavallini, Anna
    Quaglini, Silvana
    van der Aalst, Wil
    [J]. EHEALTH BEYOND THE HORIZON - GET IT THERE, 2008, 136 : 573 - +
  • [2] Process Mining Techniques: An Application to Time Management
    Khowaja, Ali Raza
    [J]. NINTH INTERNATIONAL CONFERENCE ON GRAPHIC AND IMAGE PROCESSING (ICGIP 2017), 2018, 10615
  • [3] Application of Web mining techniques in e-business
    Yan, Jun
    Zhang, Tiefu
    Zhang, Xing
    Ma, Xiaojie
    [J]. ADVANCING SCIENCE THROUGH COMPUTATION, 2008, : 401 - 404
  • [4] Application of Web Data Mining Technology in the Information Security Management
    Wang, Kun
    [J]. PROCEEDINGS OF 2014 2ND INTERNATIONAL CONFERENCE IN HUMANITIES, SOCIAL SCIENCES AND GLOBAL BUSINESS MANAGEMENT (ISSGBM 2014), VOL 25, 2014, 25 : 260 - 263
  • [5] The Application of Web Usage Mining In E-commerce Security
    Tamimi, Reyhaneh
    Ebrahim, Mohammad
    Mohammadpourzarandi
    [J]. 2013 7TH INTERNATIONAL CONFERENCE ON E-COMMERCE IN DEVELOPING COUNTRIES: WITH FOCUS ON E-SECURITY (ECDC), 2013,
  • [6] Smyrida: A web application for process mining and interactive visualization
    Merkoureas, Ilias
    Kaouni, Antonia
    Theodoropoulou, Georgia
    Bousdekis, Alexandros
    Voulodimos, Athanasios
    Miaoulis, Georgios
    [J]. SOFTWAREX, 2023, 22
  • [7] Mining web logs to improve WebGIS application response times
    Holowczak, Richard
    Taksa, Isak
    Levine, Ilan
    [J]. INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY, PROCEEDINGS, 2007, : 475 - +
  • [8] Study of application of Web mining techniques in e-business
    Li Haigang
    Yin Wanling
    [J]. 2006 INTERNATIONAL CONFERENCE ON SERVICE SYSTEMS AND SERVICE MANAGEMENT, VOLS 1 AND 2, PROCEEDINGS, 2006, : 1587 - 1592
  • [9] Application of Data Mining Techniques for Software Reuse Process
    Prakash, B. V. Ajay
    Ashoka, D. V.
    Aradhya, V. N. Manjunath
    [J]. 2ND INTERNATIONAL CONFERENCE ON COMPUTER, COMMUNICATION, CONTROL AND INFORMATION TECHNOLOGY (C3IT-2012), 2012, 4 : 384 - 389
  • [10] Application of Process Mining Techniques for Innovation Analysis and Support
    Genga, Laura
    [J]. PROCEEDINGS OF THE 2013 INTERNATIONAL CONFERENCE ON COLLABORATION TECHNOLOGIES AND SYSTEMS (CTS), 2013, : 584 - 587
12345