Customizable Method of Automatically Detecting Malicious User Activity in Web Applications (thesis)

Abstract

With the increase in the use of the web and security threats on web applications also at its highest point, the need for better security measures also increases. In this thesis we present a customizable method of automatically detecting malicious user activity for web applications. The customizable method has four phases. First, the method is uses information gathered from the web application access logs to represent the data in a certain way to create individual and typical user pro_les. Then with the pro_le it goes through the training phase to compare the di_erent pro_les to create a threshold. Then threshold is then used to decide whether or not a new user is a malicious user or not. Finally, with new incoming information and the testing results, the system is calibrated to provide improved results in the future. In this thesis the design, implementation and results from a prototype following the method is presented as well as recommendations for security admins to follow in implementing this method into current web applications.