The Web, being the most popular component of the Internet, has been transformed from a static information-serving medium into a fully interactive platform. This platform has been used by developers to create web applications rivaling traditional desktop systems. Designing, developing and evaluating these applications require new or modified methodologies, techniques and tools because of the different characteristics they exhibit. This dissertation discusses two important areas for developing and evaluating these applications: security and data mining.
In the security area, a survey using a process similar to the Goal Question Metric approach examines the properties of web application vulnerabilities. Using results from the survey, a white-box approach to identify web applications vulnerabilities is proposed. Although the approach eliminates vulnerabilities during the development process, it does not protect existing web applications that have not utilized the approach. Hence, an Anomaly-based Network Intrusion Detection System, called AIWAS, is introduced. AIWAS protects web applications through the analysis of interactions between the users and the web applications. These interactions are classified as either benign or malicious; malicious interactions are prevented from reaching the web applications under protection.
In the data mining area, the method of reliability estimation from server logs is examined in detail. This examination reveals the fact that the session workload is currently obtained using a constant Session Timeout Threshold (STT) value. However, each website is unique and should have its own STT value. Hence, an initial model for estimating the STT is introduced to encourage future research on sessions to use a customized STT value per website. This research on the STT leads to a deeper investigation of the actual session workload unit. More specifically, the distributional properties of the session workload are re-examined to determine whether the session workload can be described as a heavy-tailed distribution. / Software Engineering and Intelligent Systems
Identifer | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:AEU.10048/1112 |
Date | 06 1900 |
Creators | Huynh, Toan Nguyen Duc |
Contributors | Miller, James (Electrical and Computer Engineering), Hu, Yu (Bryan) (Electrical and Computer Engineering), Gaudet, Vincent (Electrical and Computer Engineering), Hoover, H. James (Computing Science), Aycock, John (Computer Science, University of Calgary) |
Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
Language | English |
Detected Language | English |
Type | Thesis |
Format | 1607306 bytes, application/pdf |
Relation | Practical Elimination of External Interaction Vulnerabilities in Web Applications, T. Huynh, J. Miller, Journal of Web Engineering, Vol. 9, No. 1, pp. 1-24, 2010., Another viewpoint on "Evaluating Web Software Reliability Based on Workload and Failure Data Extracted from Server Logs", T. Huynh, J. Miller, Journal of Empirical Software Engineering, Vol. 14, pp. 371-396, 2009., Empirical Observations on the Session Timeout Threshold, T Huynh, J. Miller, Journal of Information Processing & Management, Vol. 45, No. 5, pp. 513-528, 2009., Investigating the Distributional Property of the Session Workload, J. Miller, T. Huynh, Journal of Web Engineering, Vol. 9, No. 1, pp 25-47, 2010. |
Page generated in 0.0029 seconds