Analyzing HTTP requests for web intrusion detection

Many web application security problems related to intrusion have resulted from the rapid development of web applications. To reduce the risk of web application problems, web application developers need to take measures to write secure applications to prevent known attacks. When such measures fail, it is important to detect such attacks and find the source of the attacks to reduce the estimated risks. Intrusion detection is one of the powerful techniques designed to identify and prevent harm to the system. Most defensive techniques in Web Intrusion Systems are not able to deal with the complexity of cyber-attacks in web applications. However, machine learning approaches could help to detect known and unknown web application attacks. In this paper, we present machine learning techniques to classify the HTTP requests in the well-known dataset CSIC 2010 HTTP (Giménez et al., 2012) as normal or abnormal traffic, and we compare our experimental results with the results reported by Pham et al. in 2016 and Nguyen et al. in 2011. These experiments produce results for overlapping sets of machine-learning techniques and different sets of features, allowing us to compare how good the various feature sets are for the various machine-learning techniques, at least on this dataset. Keywords: intrusion detection system; anomaly detection; web application attacks; machine learning

Situations and Evidence for Identity Using Dempster-Shafer Theory

We present a computational framework for identity based on Barwise and Devlin’s situation theory. We present an example with constellations of situations identifying an individual to create what we call id-situations, where id-actions are performed, along with supporting situations. We use Semantic Web standards to represent and reason about the situations in our example. We show how to represent the strength of the evidence, within the situations, as a measure of the support for judgments reached in the id-situation. To measure evidence of an identity from the supporting situations, we use the Dempster-Shafer theory of evidence. We enhance Dempster- Shafer theory in two ways to leverage the information available in a constellation of situations. One way exploits the structure within the situations, and the other way interprets the information-relationships in terms of argument schemes

An Autonomic Computing System based on a Rule-based Policy Engine and Artificial Immune Systems

Autonomic computing systems arose from the notion that complex computing systems should have properties like those of the autonomic nervous system, which coordinates bodily functions and allows attention to be directed to more pressing needs. An autonomic system allows the system administrator to specify high-level policies, which the system maintains without administrator assistance. Policy enforcement can be done with a rule based system such as Jess (a java expert system shell). An autonomic system must be able to monitor itself, and this is often a limiting factor. We are developing an automatic system that has a policy engine and uses Artificial Immune Systems (AISs) to sense its environment and to monitor its components and performance. AISs emulate the natural immune system to defend the body against external malicious entities. The proposed system monitors itself without human intervention and thus addresses the problem of systems complexity

The background and use of the term 'idea' by Malebranche, Locke and Leibniz

The general distinction between uses of the term "idea" which we draw is between occurrences in the mind and dispositions for them as opposed to concepts. Locke uses "idea" in the first way, Malebranche uses it in the second. Leibniz allows that the mind is infinite and that dispositions in the body correspond to dispositions in the mind; thus he is able to maintain that idea are both concepts and dispositions in the mind. We explain concepts in terms of conventional rules, for the most part linguistic and especially mathematical. We call a system of conventional rules an objective structure and, as those who took ideas to be concepts held that they are concepts of divine science, we treat God as the unique objective structure. The question in seventeenth century theories of ideas is how that body of knowledge comprising ideas and their relations is applicable to thing. In the first four chapters, we consider concepts and the Cartesian programme to reduce the description of everything but that which applies concepts to mathematical descriptions. Descartes, Malebranche, and Leibniz held that the lack of simplicity and exactness in human knowledge arises from the correspondence between microscopic activities in the body and mental occurrences. With occurrences in the body explained mechanically, it was held, the world can be described with maximum simplicity and exactness. Extended things are law-obeying configurations to which concepts are applied; thinking things are rule-following things by virtue of applying these concepts. But the parts played by convention and behaviour are left out of their accounts and, omitting these, the world cannot be shown to be anything more than a diagram, perhaps portrayed only in the mind of the investigator. In the antepenultimate chapter, we discuss two related views which led the rationalists to maintain that all rational beings naturally follow a unique objective structure: their position on the correspondence between the activity of the body and occurrences in the mind (illustrated in their theories of vision) and the view that divine science is the standard for all scientific formulations. In the penultimate chapter, we present evidence that rationalist accounts of cognition were in fact modelled on rule-governed activity, Plato's theory of knowledge and Ideas is compared with rationalist accounts and is found to have less relevance to rule-governed activity, Kant, we admit, saw the relevance of rules, but no more than the rationalists. In the ninth chapter, we discuss Malebranche's vision in God (which most clearly presents ideas as concepts), its relation to Descartes' and Leibniz's positions and its dependent on occasionalism. In the fifth chapter, we argue against Chomsky's innatist position and, more generally, claims in the behavioural and social sciences to explain human knowledge in terms of internalized components and covert activities. It is also maintained that Chomsky's innatism bears little resemblance to that of seventeenth century rationalism. We discuss in the sixth through the eighth chapters the Scholastic back-ground to the use of the term "idea" and theories of ideas. In the sixth chapter, the pervasive influence of Suarez is established, as is the prevalence of nominalism in the seventeenth century and its connection with Gaszendism and eventually Locke. Suarez combined aspects of Thomism and nominalism, Thomism was concerned with so-called spiritual objects of knowledge, which roughly act as standards and are the contribution of the knower to what is known; rationalism's account of knowledge maintained these aspects of Thomism, nominalism, on the other hand, presented what we shall call a causal or genetic account of knowledge (according to which our knowledge arises from causal relations and operations of the intellect) and was concerned with so-called material objects got from sensation (while allowing for spiritual operations). The distinction between spiritual and material objects and faculties is introduced in the sixth chapter. In the seventh chapter, we discuss the bridge between these facilities, the intellectus agens, which served as an objective structure in Thomist accounts. In the eight chapter, we discuss uses of “spiritual”, “idea” and “mind”, beginning with Scholastic uses, but concentrating on the differences between Descartes and Gassendi. Locke’s causal account is discussed in the final chapter. We emphasise his divergence from Cartesianism, such as his view on the narrow compass of the understanding, his treatment of mathematical ideas as signs and his reliance on mental dispositions. Locke’s position suffers from the omission of concepts

An Analyst’s Geospatial and Ontological Assistant

We discuss an Intelligence Analyst’s Geospatial and Ontological Assistant (IAGOA) under development that associates an intelligence analyst’s understanding of an agent’s activities with the geospatial features of the area of operation where they take place. Activities are identified with frames for the corresponding verbs from the FrameNet lexical database. A modeler, using the FrameNet OWL distribution, produces software used by the analyst to update a KML file with annotations identifying instantiations of the frames elements of the relevant frames. The Google Earth API is used for rendering KML files and scripting. The agent is tracked and the analyst’s conjecture of its activity is simulated; the analyst can redo her conjecture if need be. IAGOA’s FrameNet-based approach instantiates concepts inherent in language, making explicit the activities and the constellation of role-fillers involved in these activities

The WebID Protocol Enhanced With Group Access, Biometrics, and Access Policies

The WebID protocol solves the challenge of remembering usernames and passwords. We enhance this protocol in three ways. First, we give it the ability to manage groups of agents and control their access to resources on the Web. Second, we add support for biometric access control to enhance security. Finally, we add support for OWL-based policies that may be federated and result in flexible access control

Presentation Attack Detection using Convolutional Neural Networks and Local Binary Patterns

The use of biometrics to authenticate users and control access to secure areas has become extremely popular in recent years, and biometric access control systems are frequently used by both governments and private corporations. However, these systems may represent risks to security when deployed without considering the possibility of biometric presentation attacks (also known as spoofing). Presentation attacks are a serious threat because they do not require significant time, expense, or skill to carry out while remaining effective against many biometric systems in use today. This research compares three different software-based methods for facial and iris presentation attack detection in images. The first method uses Inception-v3, a pre-trained deep Convolutional Neural Network (CNN) made by Google for the ImageNet challenge, which is retrained for this problem. The second uses a shallow CNN based on a modified Spoofnet architecture, which is trained normally. The third is a texture-based method using Local Binary Patterns (LBP). The datasets used are the ATVS-FIr dataset, which contains real and fake iris images, and the CASIA Face Anti-Spoofing Dataset, which contains real images as well as warped photos, cut photos, and video replay presentation attacks. We also present a third set of results, based on cropped versions of the CASIA images

A histological study of the bacteria Escherichia coli and Serratia marcescens in the larval stages of the European corn borer

There is no abstract available for this research paper.Thesis (M.A.