Date Approved

2-18-2016

Date Posted

9-14-2016

Degree Type

Open Access Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

College of Technology

Committee Member

Samir Tout, Ph.D. Dissertation Chair

Committee Member

Alphonso Bellamy, Ph.D.

Committee Member

John C. Dugger, Ph.D.

Committee Member

Huei Lee, Ph.D.

Abstract

Web applications and Web services often use a data format known as JavaScript Object Notation (JSON) to exchange information. An attacker can tamper with these exchanges to cause the Web service or application to malfunction in a way that is detrimental to the interests of the owners of the Web application or service. Many such applications or services are involved in processes critical to safety or are vital to business interests. Unfortunately, such critical applications cannot always be relied upon to validate the data sent to them. This creates a need for protection external to the applications themselves. This need has been addressed by researchers in other contexts, but there has been little specific focus on JSON and the use of multiple concurrent anomaly detection methods. Some previously proposed solutions involved the detection of known signatures of attacks, but this reduces the chance that new attacks will be recognized. To increase the ability to detect newly created attacks, this research focuses on anomaly detection using general characteristics, rather than the recognition of specific attacks. The detection method this research employs is the Random Forest ensemble algorithm. Metrics such as Shannon entropy, n-gram analysis, JSON structure similarity, character string length, and JSON attribute values are utilized. A goal of this research was the detection of attacks at a rate at least better than chance expectation. This goal was met and exceeded as experimental results using simulated attacks showed considerably better performance. Furthermore, a mathematical model of the interaction of classifier configuration parameters was developed.

Share

COinS