Date Approved: 2-18-2016
Date Posted: 9-14-2016
Degree Type: Open Access Dissertation
Degree Name: Doctor of Philosophy (PhD)
Department or School: College of Technology
Committee Member: Samir Tout, Ph.D., Dissertation Chair
Committee Member: Alphonso Bellamy, Ph.D.
Committee Member: John C. Dugger, Ph.D.
Committee Member: Huei Lee, Ph.D.
Abstract
Web applications and Web services often use a data format known as JavaScript Object Notation (JSON) to exchange information. An attacker can tamper with these exchanges to cause the Web service or application to malfunction in a way that is detrimental to the interests of the owners of the Web application or service. Many such applications or services are involved in processes critical to safety or are vital to business interests. Unfortunately, such critical applications cannot always be relied upon to validate the data sent to them. This creates a need for protection external to the applications themselves. This need has been addressed by researchers in other contexts, but there has been little specific focus on JSON and the use of multiple concurrent anomaly detection methods. Some previously proposed solutions involved the detection of known signatures of attacks, but this reduces the chance that new attacks will be recognized. To increase the ability to detect newly created attacks, this research focuses on anomaly detection using general characteristics, rather than the recognition of specific attacks. The detection method this research employs is the Random Forest ensemble algorithm. Metrics such as Shannon entropy, n-gram analysis, JSON structure similarity, character string length, and JSON attribute values are utilized. A goal of this research was the detection of attacks at a rate at least better than chance expectation. This goal was met and exceeded as experimental results using simulated attacks showed considerably better performance. Furthermore, a mathematical model of the interaction of classifier configuration parameters was developed.
Recommended Citation
Miller, Brett N., "Detection of malicious content in JSON structured data using multiple concurrent anomaly detection methods" (2016). Master's Theses and Doctoral Dissertations. 663.
https://commons.emich.edu/theses/663