CAPTBHA: COMPLETELY AUTOMATED PROOF-OF-CONCEPT TEST TO TELL BOT AND HUMAN APART IMPLEMENTATION OF BOT DETECTION TECHNIQUE BASED ON WEB NAVIGATION BEHAVIOUR IN JACK-MAPS

CAPTBHA: COMPLETELY AUTOMATED PROOF-OF-CONCEPT TEST TO TELL BOT AND HUMAN APART IMPLEMENTATION OF BOT DETECTION TECHNIQUE BASED ON WEB NAVIGATION BEHAVIOUR IN JACK-MAPS - Bot detection, web navigation behavior, link obfuscation, Support Vector Machine, KNearest Neighbor, Naïve Bayes, Jack-Maps, Web 2.0, Spam 2.

Denial-of-service attack modelling and detection for HTTP/2 services

Businesses and society alike have been heavily dependent on Internet-based services, albeit with experiences of constant and annoying disruptions caused by the adversary class. A malicious attack that can prevent establishment of Internet connections to web servers, initiated from legitimate client machines, is termed as a Denial of Service (DoS) attack; volume and intensity of which is rapidly growing thanks to the readily available attack tools and the ever-increasing network bandwidths. A majority of contemporary web servers are built on the HTTP/1.1 communication protocol. As a consequence, all literature found on DoS attack modelling and appertaining detection techniques, addresses only HTTP/1.x network traffic. This thesis presents a model of DoS attack traffic against servers employing the new communication protocol, namely HTTP/2. The HTTP/2 protocol significantly differs from its predecessor and introduces new messaging formats and data exchange mechanisms. This creates an urgent need to understand how malicious attacks including Denial of Service, can be launched against HTTP/2 services. Moreover, the ability of attackers to vary the network traffic models to stealthy affects web services, thereby requires extensive research and modelling. This research work not only provides a novel model for DoS attacks against HTTP/2 services, but also provides a model of stealthy variants of such attacks, that can disrupt routine web services. Specifically, HTTP/2 traffic patterns that consume computing resources of a server, such as CPU utilisation and memory consumption, were thoroughly explored and examined. The study presents four HTTP/2 attack models. The first being a flooding-based attack model, the second being a distributed model, the third and fourth are variant DoS attack models. The attack traffic analysis conducted in this study employed four machine learning techniques, namely Naïve Bayes, Decision Tree, JRip and Support Vector Machines. The HTTP/2 normal traffic model portrays online activities of human users. The model thus formulated was employed to also generate flash-crowd traffic, i.e. a large volume of normal traffic that incapacitates a web server, similar in fashion to a DoS attack, albeit with non-malicious intent. Flash-crowd traffic generated based on the defined model was used to populate the dataset of legitimate network traffic, to fuzz the machine learning-based attack detection process. The two variants of DoS attack traffic differed in terms of the traffic intensities and the inter-packet arrival delays introduced to better analyse the type and quality of DoS attacks that can be launched against HTTP/2 services. A detailed analysis of HTTP/2 features is also presented to rank relevant network traffic features for all four traffic models presented. These features were ranked based on legitimate as well as attack traffic observations conducted in this study. The study shows that machine learning-based analysis yields better classification performance, i.e. lower percentage of incorrectly classified instances, when the proposed HTTP/2 features are employed compared to when HTTP/1.1 features alone are used. The study shows how HTTP/2 DoS attack can be modelled, and how future work can extend the proposed model to create variant attack traffic models that can bypass intrusion-detection systems. Likewise, as the Internet traffic and the heterogeneity of Internet-connected devices are projected to increase significantly, legitimate traffic can yield varying traffic patterns, demanding further analysis. The significance of having current legitimate traffic datasets, together with the scope to extend the DoS attack models presented herewith, suggest that research in the DoS attack analysis and detection area will benefit from the work presented in this thesis

Intelligent feature selection for detecting http/2 denial of service attacks

Intrusion-detection systems employ machine learning techniques to classify traffic into attack and legitimate. Network flooding attacks can leverage the new web communications protocol (HTTP/2) to bypass intrusion-detection systems. This creates an urgent demand to understand HTTP/2 characteristics and to devise customised cyber-attack detection schemes. This paper proposes Step Sister; a technique to generate an optimum network traffic feature set for network intrusion detection. The proposed technique demonstrates that a consistent set of features are selected for a given HTTP/2 dataset. This allows intrusion-detection systems to classify previously unseen network traffic samples with fewer false alarm than when techniques used in literature were employed. The results show that the proposed technique yields a set of features that, when used for network traffic classification, yields low numbers of false alarms

Detect and Sanitise Encoded Cross-Site Scripting and SQL Injection Attack Strings Using a Hash Map

Cross-Site Scripting (XSS) and SQL injection are the top vulnerabilities found in web applications. Attacks to these vulnerabilities could have been minimised through placing a good filter before the web application processes the malicious strings. However adversaries could craft variations on the attack strings in such a way that they do not get filtered. Checking through all of the possible attack strings was tedious and causes the web application performance to degrade. In this paper, we propose the use of a hash map as a data structure to address the issue. We implemented a proof-of-concept filter which we tested through an open-source web application to show that such filter could sanitise some attack strings that otherwise were too tedious to detect. Our evaluation included comparing the proposed solution with other existing ones such as prepared statements, input length limitation, white list and black list input validation; our proposed solution performed the most efficient

Spatial Biodiversity of Birds in Land Covers of Wetlands on Jakarta’s North Coast

Wetlands are suitable habitats for the coastal bird community. One of the important wetlands is located on Jakarta’s North Coast. Here, this study aims to assess the spatial biodiversity of birds in various land covers of wetlands on Jakarta’s North Coast. In total, there were 23 species belonging to 12 bird families. Ardeidae, Rallidae, and Silviidae bird families have more species compared to other families. The biodiversity H' values in the wetlands dominated by mangrove cover were the highest, at 2.527, followed by the wetlands having less mangrove cover and more water bodies and fish ponds only having H’ values equal to 1.811. The arboreal, small-to-medium-sized birds belong to Nectariniidae, Ploceidae, Silviidae, and Dicaeidae were widely distributed across all land cover. In contrast, the wetlands characterized by mangrove cover dominance combined with muddy substrate coasts were dominated by mid-large water birds belong to Anatidae, Scolopacidae, Ciconiidae, Rallidae, Ardeidae, Phalacrocoracidae, Anhingidae, and Alcedinidae. It is recommended to protect the mangroves and reforest the wetlands with mangroves to provide more habitats for the coastal bird community.

Website Vulnerability to Session Fixation Attacks

Session fixation is a vulnerability of web applications where a malicious attacker gains full control of a victim’s web account without having to use the victim’s credentials such as username and password. Extant defensive techniques and procedures are not completely effective against such attacks. The authors found that some 48% of Indonesian websites are vulnerable to such attacks because, contrary to best software engineering practices, many use default session management IDs generated by their development platforms. This paper presents procedures for identifying vulnerable websites and the results. Keywords: web application security; session fixation; session hijackin

Spatial Biodiversity of Birds in Land Covers of Wetlands on Jakarta’s North Coast

Wetlands are suitable habitats for the coastal bird community. One of the important wetlands is located on Jakarta’s North Coast. Here, this study aims to assess the spatial biodiversity of birds in various land covers of wetlands on Jakarta’s North Coast. In total, there were 23 species belonging to 12 bird families. Ardeidae, Rallidae, and Silviidae bird families have more species compared to other families. The biodiversity H' values in the wetlands dominated by mangrove cover were the highest, at 2.527, followed by the wetlands having less mangrove cover and more water bodies and fish ponds only having H’ values equal to 1.811. The arboreal, small-to-medium-sized birds belong to Nectariniidae, Ploceidae, Silviidae, and Dicaeidae were widely distributed across all land cover. In contrast, the wetlands characterized by mangrove cover dominance combined with muddy substrate coasts were dominated by mid-large water birds belong to Anatidae, Scolopacidae, Ciconiidae, Rallidae, Ardeidae, Phalacrocoracidae, Anhingidae, and Alcedinidae. It is recommended to protect the mangroves and reforest the wetlands with mangroves to provide more habitats for the coastal bird community.

3D Product Viewer for E-Commerce Applications

Despite its huge potential to promote merchandise transactions over the internet, Indonesia does not have enviable e-commerce traffic. The aim of the project is to promote the culture of online shopping in Indonesia, with the benefit of increasing the revenue for the network and content providers. Furthermore, the survey would benefit the Computer-Human Interface interests since it shows that a 3D interaction increases customer’s willingness to buy. The 3D viewer application is developed with Adobe Flash and Sandy 3D engine. The technology was chosen in such as way that it uses a ubiquitous solution. Its advantage over the currently existing solutions is that the viewer can be embedded to any web page seamlessly. The study conducted a survey and found that the 3D viewer fulfills its initial purpose and is easy enough to be used

Spatial Distributions and Model Selections of Commercial Estuarine Fish (Sciaenidae) Populations Related to Water Quality, Chl-a, and AML in Musi River mouth, South Sumatra

Estuary and river mouth are essential habitats for many commercial estuarine fishes, including the Sciaenidae family. While recently, estuaries have been threatened by anthropogenic marine litter (AML) transported from nearby land and river. An important type of AML is plastic litter since it takes a long degradation time. In the South Sumatra Province, Indonesia, one of the vital estuaries is the Musi estuary. This paper aims to map the spatial distributions of two Sciaenids, including Panna microdon and Otolithoides pama, and Sciaenid’s environmental covariates, including water quality, chlorophyll a, and plastic litters in Musi estuary and model the correlations of Sciaenids with their covariates. The maps were developed using GIS, and the model was validated using AIC methods. The data were collected from 3 river mouths in the west, central, and east of the Musi estuary. The data showed that the populations of both Sciaenids were higher in the east river mouth rather than in the west. Sciaenid populations were positively correlated with high salinity, DO, chlorophyll a, moderate transparency, and low temperature. A high load of AML’s frequency (7.54 items/m2) and weights (36.8 gram/m2) has reduced both Sciaenid populations in the central river mouth of the estuary. In contrast, low AML loads in the east have correlated with high Sciaenid populations. Model selection based on AIC values shows the best model for P.microdon retained an effect of AML weight with AIC values of 22.591 and 28.321 for O. pama. This concludes that the weight of plastic litter in estuary water was the main limiting factor for Sciaenid populations in Musi

Desain LKPD Fisika Terintegrasi HOTS Untuk Meningkatkan Kemampuan Berpikir Kritis Peserta Didik

The 2013 curriculum is oriented to the development of the 21st century which is faced with various challenges in the world of education. Things that cause problems in implementing the 2013 curriculum are teacher competencies that are still lacking, online learning facilities are not evenly distributed, and the division of learning hours using a shift system causes the quality of students and education itself to be lacking. This study aims to provide solutions to problems faced in schools, namely by developing HOTS integrated worksheets to improve students' critical thinking skills. This type of research is development (R&D) which refers to the 4-D model, namely define, design, develop, disseminate. The feasibility of the HOTS integrated LKPD media was obtained from the results of expert validation, LKPD media trials in the form of practicality analysis and effectiveness analysis. The improvement of students' critical thinking skills is obtained from the standard value of the N-gain test of students' critical thinking abilities. The results of the study indicate that the HOTS integrated LKPD has been produced which is suitable to be used to improve students' critical thinking skills with a standard N-gain value of 0.71 in the high category.