ERA

Permanent link (DOI): https://doi.org/10.7939/R30P7D

Communities

This file is in the following communities:

Graduate Studies and Research, Faculty of

Collections

This file is in the following collections:

Theses and Dissertations

Empirically Driven Investigation of Dependability and Security Issues in Internet-Centric Systems Open Access

Descriptions

Other title
Subject/Keyword
network intrusion detection system
web system reliability
data mining
session timeout threshold
web application security
web application vulnerabilities
session workload
Type of item
Thesis
Degree grantor
University of Alberta
Author or creator
Huynh, Toan Nguyen Duc
Supervisor and department
Miller, James (Electrical and Computer Engineering)
Examining committee member and department
Gaudet, Vincent (Electrical and Computer Engineering)
Hoover, H. James (Computing Science)
Aycock, John (Computer Science, University of Calgary)
Hu, Yu (Bryan) (Electrical and Computer Engineering)
Department
Department of Electrical and Computer Engineering
Specialization

Date accepted
2010-04-14T20:56:04Z
Graduation date
2010-06
Degree
Doctor of Philosophy
Degree level
Doctoral
Abstract
The Web, being the most popular component of the Internet, has been transformed from a static information-serving medium into a fully interactive platform. This platform has been used by developers to create web applications rivaling traditional desktop systems. Designing, developing and evaluating these applications require new or modified methodologies, techniques and tools because of the different characteristics they exhibit. This dissertation discusses two important areas for developing and evaluating these applications: security and data mining. In the security area, a survey using a process similar to the Goal Question Metric approach examines the properties of web application vulnerabilities. Using results from the survey, a white-box approach to identify web applications’ vulnerabilities is proposed. Although the approach eliminates vulnerabilities during the development process, it does not protect existing web applications that have not utilized the approach. Hence, an Anomaly-based Network Intrusion Detection System, called AIWAS, is introduced. AIWAS protects web applications through the analysis of interactions between the users and the web applications. These interactions are classified as either benign or malicious; malicious interactions are prevented from reaching the web applications under protection. In the data mining area, the method of reliability estimation from server logs is examined in detail. This examination reveals the fact that the session workload is currently obtained using a constant Session Timeout Threshold (STT) value. However, each website is unique and should have its own STT value. Hence, an initial model for estimating the STT is introduced to encourage future research on sessions to use a customized STT value per website. This research on the STT leads to a deeper investigation of the actual session workload unit. 
More specifically, the distributional properties of the session workload are re-examined to determine whether the session workload can be described as a heavy-tailed distribution.
Language
English
DOI
doi:10.7939/R30P7D
Rights
License granted by Toan Huynh (toan@hlksi.com) on 2010-04-14 (GMT): Permission is hereby granted to the University of Alberta Libraries to reproduce single copies of this thesis and to lend or sell such copies for private, scholarly or scientific research purposes only. Where the thesis is converted to, or otherwise made available in digital form, the University of Alberta will advise potential users of the thesis of the above terms. The author reserves all other publication and other rights in association with the copyright in the thesis, and except as herein provided, neither the thesis nor any substantial portion thereof may be printed or otherwise reproduced in any material form whatsoever without the author's prior written permission.
Citation for previous publication

File Details

Date Uploaded
Date Modified
2014-04-30T23:58:21.543+00:00
Audit Status
Audits have not yet been run on this file.
Characterization
File format: pdf (Portable Document Format)
Mime type: application/pdf
File size: 1607306
Last modified: 2015:10:12 20:39:24-06:00
Filename: Huynh_Toan_Spring_2010.pdf
Original checksum: f220c0b9482b6fc797bca3e2992acc3c
Well formed: true
Valid: true
File title: Microsoft Word - Thesis 06.doc
File author: typus
Page count: 180