ANTI-WEBSITE DEFACEMENT SYSTEM

Trần Đắc Tốt, Đặng Lê Nam, Phạm Nguyễn Huy Phương

Abstract


Recently the impacts of hackers’ attacks which change the interface and content of Website are particularly serious. Therefore, there should be methods to allow real-time detection of these changes to reduce the consequences of these attacks. This article presents a new method to detect the changes of the interface and content of Website. Our proposed method is developed based on the HTML Boyer-Moore algorithm combined with the MD5 hash function and has been built into an application with a user-friendly interface. Moreover, we applied C4.5 algorithm to enhance the accuracy of the warning messages. Changes to the Website such as inserting new content, deleting or editing old content, changing the format, color, size, and type of content will be immediately recorded and notified to the Website administrator. The application will also highlight the locations of these changes and send a warning message and recommendations to the webmaster for processing. Experiment results show that the proposed method can accurately locate and produce spontaneous warnings to the Website administrator.

Keywords


Defacement attack; Defect attack alert; Integrity checking; String matching; Website monitoring.

References


Amanda, A. (2003). Surviving security: How to integrate people, process, and technology. Florida, USA: CRC Press.

Boyer, R. S., & Moore, J. S. (1977). A fast string searching algorithm. Magazine Communications of the ACM, 20(10), 762-772.

British Broadcasting Company (BBC). (2012). Chinese websites 'defaced in Anonymous attack'. Retrieved from http://www.bbc.co.uk/news/technology-17623939.

British Broadcasting Company (BBC). (2014). Nottinghamshire police Website hacked by Anonghost. Retrieved from http://www.bbc.com/news/uk-england-nottinghamshire-29951605.

Cashin. E. L. (2000). Integerit file verification system. Retrieved from http://integrit.sourceforge.net.

Charles, P., Shari, L. P., & Jonathan, M. (2015). Security in computing. New Jersey, USA: Prentice Hall Press.

Cục An toàn Thông tin. (2016). Bản tin An toàn thông tin tháng 7 năm 2016. Hà Nội, Việt Nam: Bộ Thông tin và Truyền thông.

Davanzo, G., Medvet, E., & Bartoli, A. (2010). A comparative study of anomaly detection techniques in Website defacement detection. IFIP International Federation for Information Processing, 278(1), 711-716.

David, D., Manos, A., Paul, V., Tatuya, J., & Wenke, L. (2008). Increased DNS forgery resistance through 0x20-bit encoding: Security via leet queries. Paper presented at The 15th ACM Conference on Computer and Communications Security, USA.

Dương, A. Đ., & Trần, M. T. (2005). Mã hoá và ứng dụng. TP. Hồ Chí Minh, Việt Nam: NXB. Đại học Quốc gia TP. Hồ Chí Minh.

Gaurav, R., Newley, P., & Jason, N. (2015). Malaysia airlines Website hacked by group calling itself "Cyber Caliphate". New York, USA: Wall Street Journal. Retrieved from https://www.wsj.com/articles/malaysia-airlines-website-hacked-by-group-calling-itself-cyber-caliphate-1422238358.

Hiệp hội An toàn thông tin Việt Nam (VNISA). (2017). Tài liệu báo cáo ngày An toàn thông tin Việt Nam 2017. Retrieved from https://vnisa.org.vn/thu-vien/tai-lieu-hoi-thao/tai-lieu-bao-cao-ngay-an-toan-thong-tin-viet-nam-2017.html.

OWASP. (2017). Top 10 most critical web application security risks. Retrieved from https://www.owasp.org/index.php/Category:OWASP_top_ten_project.

Piyush, G., & Sandeep, K. (2014). A comparative analysis of SHA and MD5. International Journal of Computer Science and Information Technologies, 5(3), 4492-4495.

Quinlan, J. R. (1993). C4.5: Programs for machine learning. Massachusetts, USA: Morgan Kaufmann Publishers.

Ramniwas, K., Nikhil, K. S., & Deepak, S. T. (2014). A novel approach to detect Webpage tampering. International Journal of Computer Science and Information Technologies, 5(3), 4604-4607.

Rashmi, K. V., & Shahzia, S. (2015). Implementation of Web defacement detection technique. International Journal of Innovations in Engineering and Technology, 6(1), 134-140.

Richard, B. (2003). C# network programming. California, USA: John Wiley & Sons Publishing.

Rivest, R. (1992). The MD5 message-digest algorithm, RFC 1321. Retrieved from https://www.ietf.org/rfc/rfc1321.txt.

Shannon, C. E. (1948). A mathematical theory of communication. The Bell System Technical Journal, 27, 379-423.

Shar, L., & Tan, H. B. (2013). Defeating SQL injection. Computer, 46(3), 68-77.

Stalling, W. (1999). Cryptography and network security: Principles and practice. New Jersey, USA: Prentice Hall Publishing.

Tushar, K., Vineet, R., & Vivek, R. (2011). Implementing a Web browser with Web defacement detection techniques. World of Computer Science and Information Technology Journal, 1(7), 307-310.

Tushar, K., Vineet, R., & Vivek, R. (2012). Implementation of an efficient Web defacement technique and spotting exact defacement location using Diff algorithm. International Journal of Emerging Technology and Advanced Engineering, 2(3), 252-256.

Xiang, Y. L., & Hongtao, L. (2008). Fragile watermarking schemes for tamper-proof Webpages. Paper presented at The WASE International Conference on Information Engineering, China.




DOI: http://dx.doi.org/10.37569/DalatUniversity.8.2.412(2018)

Refbacks

  • There are currently no refbacks.


Copyright (c) 2018 Trần Đắc Tốt, Đặng Lê Nam, Phạm Nguyễn Huy Phương

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Editorial Office of DLU Journal of Science
Room.15, A25 Building, 01 Phu Dong Thien Vuong Street, Dalat, Lamdong
Email: tapchikhoahoc@dlu.edu.vn - Phone: (+84) 263 3 555 131

Creative Commons License
Based on Open Journal Systems
Developed by Information Technology Department