Please use this identifier to cite or link to this item:
|Title:||A comprehensive client-side behavior model for diagnosing attacks in Ajax applications|
|Citation:||Dong, X., Patil, K., Mao, J., Liang, Z. (2013). A comprehensive client-side behavior model for diagnosing attacks in Ajax applications. Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS : 177-187. ScholarBank@NUS Repository. https://doi.org/10.1109/ICECCS.2013.35|
|Abstract:||Behavior models of applications are widely used for diagnosing security incidents in complex web-based systems. However, Ajax techniques that enable better web experiences also make it fairly challenging to model Ajax application behaviors in the complex browser environment. In Ajax applications, server-side states are no longer synchronous with the views to end users at the client side. Therefore, to model the behaviors of Ajax applications, it is indispensable to incorporate client-side application states into the behavior models, as being explored by prior work. Unfortunately, how to leverage behavior models to perform security diagnosis in Ajax applications has yet been thoroughly examined. Existing models extracted from Ajax application behaviors are insufficient in a security context. In this paper, we propose a new behavior model for diagnosing attacks in Ajax applications, which abstracts both client-side state transitions as well as their communications to external servers. Our model articulates different states with the browser events or user actions that trigger state transitions. With a prototype implementation, we demonstrate that the proposed model is effective in attack diagnosis for real-world Ajax applications. © 2013 IEEE.|
|Source Title:||Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems, ICECCS|
|Appears in Collections:||Staff Publications|
Show full item record
Files in This Item:
There are no files associated with this item.
checked on Jul 14, 2018
WEB OF SCIENCETM
checked on Jun 19, 2018
checked on Jun 1, 2018
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.