Department of Computer Science and Information Systems

Permanent URI for this collection: http://localhost:4000/handle/123456789/1928

  • Item
    Identifying Anomalous HTTP Traffic with Association Rule Mining
    (IEEE, 2019) Agarwal, Vinti
    Web applications are compromised by exploiting different vulnerabilities. The protection systems designed to detect such attacks screen HTTP requests to decide whether a particular request is benign or malicious. Generating effective screening rules governs both the detection performance and the false positive rate. In this paper, we propose to generate classification rules that identify malicious HTTP requests using the co-occurrence of certain character combinations. Our idea is motivated by the fact that a successful attack will contain some combination of characters appearing together. For example, in an SQL injection attack the = sign may appear along with the ' character. We propose to learn such character combinations using association rules over a carefully chosen feature (character) set. We experiment with a publicly available HTTP dataset and show that malicious HTTP requests can be identified with rules generated from such associations.
  • Item
    CTI-Twitter: Gathering Cyber Threat Intelligence from Twitter using Integrated Supervised and Unsupervised Learning
    (IEEE, 2020) Agarwal, Vinti
    Cyber threat intelligence (CTI) can be gathered from multiple sources, and Twitter is one such open platform where a large volume and variety of threat data is shared every day. The automated and timely mining of relevant threat knowledge from this data can be crucial for enriching existing threat intelligence platforms to proactively defend against cyber attacks. We propose CTI-Twitter: a novel framework combining supervised and unsupervised learning models to collect, process, analyze and generate threat-specific knowledge from tweets posted by multiple users. CTI-Twitter makes several contributions: i) collecting tweets through the Twitter API; ii) separating relevant threat tweets from irrelevant ones, and classifying the relevant ones into multiple classes of threats; iii) grouping the tweets belonging to each class using topic modeling; and iv) finally performing a data enrichment and verification process. We evaluate our proposed model on real-time tweets collected over about four months (in the year 2020) using the Twitter API. The encouraging results obtained indicate the effectiveness of CTI-Twitter in terms of timeliness and the discovery of trending attack patterns and vulnerabilities.