Paul Jang '15 Customizable Method of Automatically Detecting Malicious User Activity in Web Applications

Abstract:  With the increase in the use of the web and security threats on web applications also at its highest point, the need for better security measures also increases.  In this thesis we present a customizable method of automatically detecting malicious user activity for web applications.  The customizable method has four phases.  First, the method uses information gathered from the web application access logs to represent profiles.  Then with the profile, it goes through the training phase to compare the different profiles to create a threshold.  Then the threshold is used to decide whether or not a new user is a malicious user.  Finally, with the new incoming information and the testing results, the system is calibrated to provide improved results in the future.  In this thesis, the design, implementation, and results from a prototype following the method is presented as well as recommendations for security admins to follow in implementing this method into current web applications.

Faculty Advisors:  Sara Sprenkle