Please use this identifier to cite or link to this item: https://doi.org/10.1109/ICECCS.2013.35
Title: A comprehensive client-side behavior model for diagnosing attacks in Ajax applications
Authors: Dong, X.
Patil, K.
Mao, J.
Liang, Z. 
Issue Date: 2013
Citation: Dong, X., Patil, K., Mao, J., Liang, Z. (2013). A comprehensive client-side behavior model for diagnosing attacks in Ajax applications. Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS : 177-187. ScholarBank@NUS Repository. https://doi.org/10.1109/ICECCS.2013.35
Abstract: Behavior models of applications are widely used for diagnosing security incidents in complex web-based systems. However, Ajax techniques that enable better web experiences also make it fairly challenging to model Ajax application behaviors in the complex browser environment. In Ajax applications, server-side states are no longer synchronous with the views to end users at the client side. Therefore, to model the behaviors of Ajax applications, it is indispensable to incorporate client-side application states into the behavior models, as being explored by prior work. Unfortunately, how to leverage behavior models to perform security diagnosis in Ajax applications has yet been thoroughly examined. Existing models extracted from Ajax application behaviors are insufficient in a security context. In this paper, we propose a new behavior model for diagnosing attacks in Ajax applications, which abstracts both client-side state transitions as well as their communications to external servers. Our model articulates different states with the browser events or user actions that trigger state transitions. With a prototype implementation, we demonstrate that the proposed model is effective in attack diagnosis for real-world Ajax applications. © 2013 IEEE.
Source Title: Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS
URI: http://scholarbank.nus.edu.sg/handle/10635/77950
ISBN: 9780769550077
DOI: 10.1109/ICECCS.2013.35
Appears in Collections:Staff Publications

Show full item record
Files in This Item:
There are no files associated with this item.

SCOPUSTM   
Citations

7
checked on Dec 7, 2018

WEB OF SCIENCETM
Citations

3
checked on Nov 21, 2018

Page view(s)

45
checked on Dec 8, 2018

Google ScholarTM

Check

Altmetric


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.