Exploring the Application of Process Mining Techniques to Improve Web Application Security

Cited by: 0
Authors
Bruno, Marcelo [1]
Ibanez, Pablo [1]
Techera, Tamara [1]
Calegari, Daniel [1]
Betarte, Gustavo [1]
Affiliations
[1] Univ Republica, Fac Ingn, Inst Comp, Montevideo 11300, Uruguay
Keywords
Security; web applications; process mining; web application firewall; ModSecurity; ProM; CHECKING;
DOI
10.1109/CLEI53233.2021.9640192
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Web applications are permanently being exposed to attacks that exploit their vulnerabilities. To detect and prevent misuse of the functionality provided by an application, it has become necessary to develop techniques that help discern between a valid user of the system and a malicious agent. In recent years, a technology that has been widely deployed to provide automated and non-invasive support for detecting web application attacks is Web Application Firewalls. In this work, we put forward and discuss the application of Process Mining techniques to detect deviations from the expected behavior of web applications. The objects of behavior analysis are logs generated by a widely deployed WAF called ModSecurity. We discuss experiments we have carried out applying our mining method on the well-known e-commerce platform Magento and using the ProM tool for the execution of the process mining techniques.
Pages: 10