The Experts below are selected from a list of 2931 Experts worldwide ranked by ideXlab platform
Giovanni Vigna - One of the best experts on this subject based on the ideXlab platform.
-
Meerkat: Detecting WebSite Defacements through Image-based Object Recognition
2016Co-Authors: Kevin Borgolte, Christopher Kruegel, Giovanni VignaAbstract:WebSite defacements and WebSite vandalism can inflict sig-nificant harm on the WebSite owner through the loss of sales, the loss in reputation, or because of legal ramifications. Prior work on WebSite defacements detection focused on detecting unauthorized changes to the Web server, e.g., via host-based intrusion detection systems or file-based integrity checks. However, most prior approaches lack the capabili-ties to detect the most prevailing defacement techniques used today: code and/or data injection attacks, and DNS hijack-ing. This is because these attacks do not actually modify the code or configuration of the WebSite, but instead they intro-duce new content or redirect the user to a different WebSite. In this paper, we approach the problem of defacement detection from a different angle: we use computer vision techniques to recognize if a WebSite was defaced, similarly to how a human analyst decides if a WebSite was defaced when viewing it in a Web browser. We introduce MEERKAT, a defacement detection system that requires no prior knowledge about the WebSite’s content or its structure, but only its URL. Upon detection of a defacement, the system notifies the WebSite operator that his WebSite is defaced, who can then take appropriate action. To detect defacements, MEERKAT automatically learns high-level features from screenshots of defaced WebSites by combining recent advances in machine learning, like stacked autoencoders and deep neural networks, with techniques from computer vision. These features are then used to create models that allow for the detection of newly-defaced WebSites. We show the practicality of MEERKAT on the Largest Web-Site defacement dataset to date, comprising of 10,053,772 defacements observed between January 1998 and May 2014, and 2,554,905 legitimate WebSites. Overall, MEERKAT achieves true positive rates between 97.422 % and 98.816%, false positive rates between 0.547 % and 1.528%, and Bayesian detection rates1 between 98.583 % and 99.845%, thus significantly outperforming existing approaches. 1The Bayesian detection rate is the likelihood that if we detect a WebSite as defaced, it actually is defaced, i.e., P(true positive|positive).
Kevin Borgolte - One of the best experts on this subject based on the ideXlab platform.
-
Meerkat: Detecting WebSite Defacements through Image-based Object Recognition
2016Co-Authors: Kevin Borgolte, Christopher Kruegel, Giovanni VignaAbstract:WebSite defacements and WebSite vandalism can inflict sig-nificant harm on the WebSite owner through the loss of sales, the loss in reputation, or because of legal ramifications. Prior work on WebSite defacements detection focused on detecting unauthorized changes to the Web server, e.g., via host-based intrusion detection systems or file-based integrity checks. However, most prior approaches lack the capabili-ties to detect the most prevailing defacement techniques used today: code and/or data injection attacks, and DNS hijack-ing. This is because these attacks do not actually modify the code or configuration of the WebSite, but instead they intro-duce new content or redirect the user to a different WebSite. In this paper, we approach the problem of defacement detection from a different angle: we use computer vision techniques to recognize if a WebSite was defaced, similarly to how a human analyst decides if a WebSite was defaced when viewing it in a Web browser. We introduce MEERKAT, a defacement detection system that requires no prior knowledge about the WebSite’s content or its structure, but only its URL. Upon detection of a defacement, the system notifies the WebSite operator that his WebSite is defaced, who can then take appropriate action. To detect defacements, MEERKAT automatically learns high-level features from screenshots of defaced WebSites by combining recent advances in machine learning, like stacked autoencoders and deep neural networks, with techniques from computer vision. These features are then used to create models that allow for the detection of newly-defaced WebSites. We show the practicality of MEERKAT on the Largest Web-Site defacement dataset to date, comprising of 10,053,772 defacements observed between January 1998 and May 2014, and 2,554,905 legitimate WebSites. Overall, MEERKAT achieves true positive rates between 97.422 % and 98.816%, false positive rates between 0.547 % and 1.528%, and Bayesian detection rates1 between 98.583 % and 99.845%, thus significantly outperforming existing approaches. 1The Bayesian detection rate is the likelihood that if we detect a WebSite as defaced, it actually is defaced, i.e., P(true positive|positive).
Christopher Kruegel - One of the best experts on this subject based on the ideXlab platform.
-
Meerkat: Detecting WebSite Defacements through Image-based Object Recognition
2016Co-Authors: Kevin Borgolte, Christopher Kruegel, Giovanni VignaAbstract:WebSite defacements and WebSite vandalism can inflict sig-nificant harm on the WebSite owner through the loss of sales, the loss in reputation, or because of legal ramifications. Prior work on WebSite defacements detection focused on detecting unauthorized changes to the Web server, e.g., via host-based intrusion detection systems or file-based integrity checks. However, most prior approaches lack the capabili-ties to detect the most prevailing defacement techniques used today: code and/or data injection attacks, and DNS hijack-ing. This is because these attacks do not actually modify the code or configuration of the WebSite, but instead they intro-duce new content or redirect the user to a different WebSite. In this paper, we approach the problem of defacement detection from a different angle: we use computer vision techniques to recognize if a WebSite was defaced, similarly to how a human analyst decides if a WebSite was defaced when viewing it in a Web browser. We introduce MEERKAT, a defacement detection system that requires no prior knowledge about the WebSite’s content or its structure, but only its URL. Upon detection of a defacement, the system notifies the WebSite operator that his WebSite is defaced, who can then take appropriate action. To detect defacements, MEERKAT automatically learns high-level features from screenshots of defaced WebSites by combining recent advances in machine learning, like stacked autoencoders and deep neural networks, with techniques from computer vision. These features are then used to create models that allow for the detection of newly-defaced WebSites. We show the practicality of MEERKAT on the Largest Web-Site defacement dataset to date, comprising of 10,053,772 defacements observed between January 1998 and May 2014, and 2,554,905 legitimate WebSites. Overall, MEERKAT achieves true positive rates between 97.422 % and 98.816%, false positive rates between 0.547 % and 1.528%, and Bayesian detection rates1 between 98.583 % and 99.845%, thus significantly outperforming existing approaches. 1The Bayesian detection rate is the likelihood that if we detect a WebSite as defaced, it actually is defaced, i.e., P(true positive|positive).
