Presentation is loading. Please wait.

Presentation is loading. Please wait.

N-Gram-based Dynamic Web Page Defacement Validation Woonyon Kim Aug. 23, 2004 NSRI, Korea.

Published byLisa Shona Barker Modified over 8 years ago

Similar presentations

Presentation on theme: "N-Gram-based Dynamic Web Page Defacement Validation Woonyon Kim Aug. 23, 2004 NSRI, Korea."— Presentation transcript:

1 N-Gram-based Dynamic Web Page Defacement Validation Woonyon Kim Aug. 23, 2004 NSRI, Korea

2 Contents Introduction Related Works N-Gram Frequency Index N-Gram-based Index Distance Experiments Conclusions

3 Introduction Defacement of Web Sites  CSI/FBI 2001  38 % of web sites were hacked.  21% of hacked sites were not aware of their own defacements.  Zone-h  The defaced web pages are rapidly increased year by year. (.kr domain : about 200% increase) Current solutions  Hash-based detection system for minimizing damage  Intrusion-tolerant system for contiguous service Problems of current solutions  Current solutions use hash code as validation metric. Hash code can ’ t support dynamic characteristics.

4 Introduction N-Gram-based Index Distance (NGID)  A validation metric of dynamically changing web pages  The sum of absolute differences of frequency probability of N-Grams that can be found from both indexes.  NGID represents the similarity of two web pages.  NGID can be used to validate web pages with dynamic components or static.

5 Related Works Hash-based validation system  Detecting web page defacements by comparing two hash codes  Hash code is useful metric for large and static web pages.  Hash code can ’ t work properly on the dynamically changing web pages. Intrusion-tolerant system  Hash code is used to validate web pages.  It also has limitation on dynamic web pages.

6 N-Gram Frequency Index (1) N-Gram  An N-character slice of a string  For example “ TEXT ”  2-Gram : TE, EX, XT N-Gram Frequency Index  An index file that is sorted from the most frequent N- Grams to the least frequent ones  It cuts off N-Grams below at a particular rank. So, minor changes are ignored. And this feature of N-Gram Frequency Index supports dynamics.

7 N-Gram Frequency Index (2) How to generate  Count all N-Grams frequencies in a web page.  Sort N-Grams from the most frequent to the least.  Cut off N-Grams below at a particular rank.  Sum up the frequencies of the remained N-Grams.  Compute the probability of each N-Gram frequency.  Save the N-Grams, frequency of the N-Grams, the probability of N-Grams into an index file.

8 N-Gram-based Index Distance(NGID) The sum of absolute difference of frequency probability of same N-Grams that can be found from both web pages. A metric for detecting whether a web page is defaced or not.

9 N-Gram-based Index Distance Evaluation is done by comparing NGID to validation threshold Evaluation  Valid : NGID <= Validation Threshold  Invalid : NGID > Validation Threshold

10 Experiments Assumptions  Select 100 web pages  Choose 0.1 for Validation Threshold of NGID. Procedure for false positive  Connect to a selected web page at a time in remote place.  Download a page and save it a file.  Validate it using NGID.  Validate it using Hash Code.  Above four steps are recursively applied.  Every 30-minute in a day News PaperBroadcastPortalPublicTotal 38151433100

11 Experiments False Positive News Paper Broadc ast PortalPublicTotal No. of Web Sites38151433100 No. of False Positive (MD5) 291412863 No. of False Positive (NGID) 11002

12 Experiments False Positive

13 Experiments NGID value as time flows The time of contents update 1 2

14 Experiments Procedure for false negative  Collecting 50 web pages that are normal pages and hacked pages from zone-h.  Validate it using NGID.  Validate it using Hash Code. Result of Hash code  50-web pages are detected to be defaced.  The number of false negative is 0.

15 Experiments False Negative

16 Conclusions N-Gram-based Index Distance  A metric to evaluate dynamic web page defacement.  NGID can validate dynamically changing web pages. Future Works  Need a learning model to resolve a validation threshold of each web page.  Need a feedback mechanism of normal index.

Download ppt "N-Gram-based Dynamic Web Page Defacement Validation Woonyon Kim Aug. 23, 2004 NSRI, Korea."

Similar presentations

Managing Web server performance with AutoTune agents by Y. Diao, J. L. Hellerstein, S. Parekh, J. P. Bigu Jangwon Han Seongwon Park 2011-12-21.

Managing Web server performance with AutoTune agents by Y. Diao, J. L. Hellerstein, S. Parekh, J. P. Bigu Jangwon Han Seongwon Park
Spelling Correction for Search Engine Queries Bruno Martins, Mario J. Silva In Proceedings of EsTAL-04, España for Natural Language Processing Presenter:

Spelling Correction for Search Engine Queries Bruno Martins, Mario J. Silva In Proceedings of EsTAL-04, España for Natural Language Processing Presenter:
CMo: When Less Is More Yevgen Borodin Jalal Mahmud I.V. Ramakrishnan Context-Directed Browsing for Mobiles.

CMo: When Less Is More Yevgen Borodin Jalal Mahmud I.V. Ramakrishnan Context-Directed Browsing for Mobiles.
Crawling, Ranking and Indexing. Organizing the Web The Web is big. Really big. –Over 3 billion pages, just in the indexable Web The Web is dynamic Problems:

Crawling, Ranking and Indexing. Organizing the Web The Web is big. Really big. –Over 3 billion pages, just in the indexable Web The Web is dynamic Problems:
DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.

DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.
Video Shot Boundary Detection at RMIT University Timo Volkmer, Saied Tahaghoghi, and Hugh E. Williams School of Computer Science & IT, RMIT University.

Video Shot Boundary Detection at RMIT University Timo Volkmer, Saied Tahaghoghi, and Hugh E. Williams School of Computer Science & IT, RMIT University.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Web Search – Summer Term 2006 IV. Web Search - Crawling (c) Wolfgang Hürst, Albert-Ludwigs-University.

Web Search – Summer Term 2006 IV. Web Search - Crawling (c) Wolfgang Hürst, Albert-Ludwigs-University.
What ’ s Hot and What ’ s Not: Tracking Most Frequent Items Dynamically G. Cormode and S. Muthukrishman Rutgers University ACM Principles of Database Systems.

What ’ s Hot and What ’ s Not: Tracking Most Frequent Items Dynamically G. Cormode and S. Muthukrishman Rutgers University ACM Principles of Database Systems.
1 LM Approaches to Filtering Richard Schwartz, BBN LM/IR ARDA 2002 September 11-12, 2002 UMASS.

1 LM Approaches to Filtering Richard Schwartz, BBN LM/IR ARDA 2002 September 11-12, 2002 UMASS.
Information retrieval Finding relevant data using irrelevant keys Example: database of photographic images sorted by number, date. DBMS: Well structured.

Information retrieval Finding relevant data using irrelevant keys Example: database of photographic images sorted by number, date. DBMS: Well structured.
Introduction to Language Models Evaluation in information retrieval Lecture 4.

Introduction to Language Models Evaluation in information retrieval Lecture 4.
SMS-Based web Search for Low- end Mobile Devices Jay Chen New York University Lakshmi Subramanian New York University

SMS-Based web Search for Low- end Mobile Devices Jay Chen New York University Lakshmi Subramanian New York University
Learning Table Extraction from Examples Ashwin Tengli, Yiming Yang and Nian Li Ma School of Computer Science Carnegie Mellon University Coling 04.

Learning Table Extraction from Examples Ashwin Tengli, Yiming Yang and Nian Li Ma School of Computer Science Carnegie Mellon University Coling 04.
Expediting Programmer AWAREness of Anomalous Code Sarah E. Smith Laurie Williams Jun Xu November 11, 2005.

Expediting Programmer AWAREness of Anomalous Code Sarah E. Smith Laurie Williams Jun Xu November 11, 2005.
Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.

Jarhead Analysis and Detection of Malicious Java Applets Johannes Schlumberger, Christopher Kruegel, Giovanni Vigna University of California Annual Computer.
Lecturer: Ghadah Aldehim

Lecturer: Ghadah Aldehim
INTRODUCTION TO DHTML. TOPICS TO BE DISCUSSED……….  Introduction Introduction  UsesUses  ComponentsComponents  Difference between HTML and DHTMLDifference.

INTRODUCTION TO DHTML. TOPICS TO BE DISCUSSED……….  Introduction Introduction  UsesUses  ComponentsComponents  Difference between HTML and DHTMLDifference.
DETECTING NEAR-DUPLICATES FOR WEB CRAWLING Authors: Gurmeet Singh Manku, Arvind Jain, and Anish Das Sarma Presentation By: Fernando Arreola.

DETECTING NEAR-DUPLICATES FOR WEB CRAWLING Authors: Gurmeet Singh Manku, Arvind Jain, and Anish Das Sarma Presentation By: Fernando Arreola.
1 CS 3870/CS 5870 Static and Dynamic Web Pages ASP.NET and IIS.

1 CS 3870/CS 5870 Static and Dynamic Web Pages ASP.NET and IIS.

Similar presentations

Ads by Google