Web Application Security: Analysis, Modeling and Detection of Attacks Using Machine Learning

Abstract: Web applications are the backbone of modern information systems. Their exposure to the Internet continually generates new forms of threats that can jeopardize the security of the entire information system. Robust, feature-rich solutions exist to counter these threats. They are based on well-proven attack detection models, each with its own advantages and limitations. Our work consists of integrating the functionalities of several models into a single solution in order to increase detection capacity. To achieve this objective, we define, in a first contribution, a classification of threats adapted to the context of Web applications. This classification also serves to solve some problems of scheduling the analysis operations during the attack detection phase. In a second contribution, we propose a Web application firewall architecture based on two analysis models. The first is a behavioral analysis module, and the second uses the signature inspection approach. The main challenge to be addressed with this architecture is adapting the behavioral analysis model to the context of Web applications. We respond to this challenge by modeling malicious behavior. It thus becomes possible to construct, for each attack class, its own model of abnormal behavior. To construct these models, we use classifiers based on supervised machine learning. These classifiers use training datasets to learn the deviant behaviors of each class of attacks. This raised a second obstacle, the availability of training data, which has also been lifted: in a final contribution, we defined and designed a platform for the automatic generation of training datasets. The data generated by this platform is standardized and categorized for each class of attacks. The training data generation model we have developed is able to learn "from its own errors" continuously in order to produce higher-quality machine learning datasets.

https://pastel.archives-ouvertes.fr/tel-01668540
Contributor: Abes Star
Submitted on: Wednesday, December 20, 2017 - 10:11:19 AM
Last modification on: Friday, May 17, 2019 - 1:03:19 PM

File

TheseMakiou.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01668540, version 1

Citation

Abdelhamid Makiou. Sécurité des applications Web : Analyse, modélisation et détection des attaques par apprentissage automatique. Cryptographie et sécurité [cs.CR]. Télécom ParisTech, 2016. Français. ⟨NNT : 2016ENST0084⟩. ⟨tel-01668540⟩
