Fine-grained Web Service Trust Detection: A Joint Method of Machine Learning and Blockchain

Authors

  • Ruizhong Du School of Cyber Security and Computer, Hebei University, Baoding 071002, China
  • Yan Gao School of Cyber Security and Computer, Hebei University, Baoding 071002, China
  • Cui Liu Key Lab on High Trusted Information System of Hebei Province, Baoding 071002, China

DOI:

https://doi.org/10.13052/jwe1540-9589.2157

Keywords:

Website defacement, trusted detection, naive Bayes, blockchain, Merkle tree

Abstract

Current website defacement detection methods often ignore security and credibility in the detection process. Furthermore, with the gradual development of dynamic websites, false positives and underreports of website defacement have periodically occurred. Therefore, to enhance the credibility of website defacement detection and reduce the false-positive rate and the false-negative rate of website defacement, this paper proposes a fine-grained trust detection scheme called WebTD, that combines machine learning and blockchain. WebTD consists of two parts: an analysis layer and a verification layer. The analysis layer is the key to improving the success rate of website defacement detection. This layer mainly uses the naive Bayes (NB) algorithm to decouple and segment different types of web page content, and then preprocess the segmented data to establish a complete analysis model. Second, the verification layer is the key to establishing a credible detection mechanism. WebTD develops a new blockchain model and proposes a multi-value verification algorithm to achieve a multilayer detection mechanism for the blockchain. In addition, to quickly locate and repair the defaced data of the website, the Merkle tree (MT) algorithm is used to calculate the preprocessed data. Finally, we evaluate WebTD against two state-of-the-art research schemes. The experimental results and the security analysis show that WebTD not only establishes a credible web service detection mechanism but also keeps the detection success rate above 98%, which can effectively ensure the integrity of the website.

Downloads

Download data is not yet available.

Author Biographies

Ruizhong Du, School of Cyber Security and Computer, Hebei University, Baoding 071002, China

Ruizhong Du received a Ph.D. in Information Security from the School of Computer Science, Wuhan University, China, in 2012. Since 1997, he has been working in the School of Cyberspace Security and Computer, Hebei University, China. He is currently the Associate Dean, a Doctoral Supervisor, and a Professor of the School of Cyber Security and Computers, Hebei University. He is the secretary-general of the Hebei Cyberspace Security Society and the executive director of the Hebei Computer Society. His research directions mainly include network security, edge computing, and trusted computing.

Yan Gao, School of Cyber Security and Computer, Hebei University, Baoding 071002, China

Yan Gao received a B.E. degree in Information Security from the School of Cyberspace Security and Computer, Hebei University, China, in 2020 and is currently studying for a master’s degree in Cyberspace Security at the School of Cyberspace Security and Computer, Hebei University, China. He is proficient with programming and theoretical analysis. His research interests include blockchain and trusted computing research.

Cui Liu, Key Lab on High Trusted Information System of Hebei Province, Baoding 071002, China

Cui Liu received a B.E. in Information and Computing Science from the School of Mathematics and Computer Science, Shanxi University of Technology, China. She is currently studying for a master’s degree in cyberspace security at the School of Cyber Security and Computer. Hebei University, China. Her research interests focus on network security and blockchain.

References

Federico Maggi, Marco Balduzzi, Ryan Flores, Lion Gu, and Vincenzo Ciancaglini. Investigating web defacement campaigns at large. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pages 443–456, 2018.

Pankaj Sharma, Rahul Johari, and SS Sarma. Integrated approach to prevent sql injection attack and reflected cross site scripting attack. International Journal of System Assurance Engineering and Management, 3(4):343–351, 2012.

Zainab S Alwan and Manal F Younis. Detection and prevention of sql injection attack: A survey. International Journal of Computer Science and Mobile Computing, 6(8):5–17, 2017.

Germán E Rodríguez, Jenny G Torres, Pamela Flores, and Diego E Benavides. Cross-site scripting (xss) attacks and mitigation: A survey. Computer Networks, 166:106960, 2020.

Ya Na Zhang, Li Han, and Xin Cao. Design of network information security system. In Advanced Materials Research, volume 1022, pages 257–260. Trans Tech Publ, 2014.

Xiaodan Xu, Huawen Liu, and Minghai Yao. Recent progress of anomaly detection. Complexity, 2019, 2019.

Erdinç Uzun. A novel web scraping approach using the additional information obtained from web pages. IEEE Access, 8:61726–61740, 2020.

Jesús Díaz-Verdejo, Javier Muñoz-Calle, Antonio Estepa Alonso, Rafael Estepa Alonso, and Germán Madinabeitia. On the detection capabilities of signature-based intrusion detection systems in the context of web attacks. Applied Sciences, 12(2):852, 2022.

Shadi Abou-Zahra, Judy Brewer, and Michael Cooper. Artificial intelligence (ai) for web accessibility: Is conformance evaluation a way forward? In Proceedings of the 15th International Web for All Conference, pages 1–4, 2018.

Samaneh Mahdavifar and Ali A Ghorbani. Application of deep learning to cybersecurity: A survey. Neurocomputing, 347:149–176, 2019.

Xuan Dau Hoang and Ngoc Tuong Nguyen. A multi-layer model for website defacement detection. In Proceedings of the Tenth International Symposium on Information and Communication Technology, pages 508–513, 2019.

Barerem-Melgueba Mao and Kanlanfei Damnam Bagolibe. A contribution to detect and prevent a website defacement. In 2019 International Conference on Cyberworlds (CW), pages 344–347. IEEE, 2019.

Ronghai Yang, Xianbo Wang, Cheng Chi, Dawei Wang, Jiawei He, Siming Pang, and Wing Cheong Lau. Scalable detection of promotional website defacements in black hat {SEO} campaigns. In 30th USENIX Security Symposium (USENIX Security 21), pages 3703–3720, 2021.

Francesco Bergadano, Fabio Carretto, Fabio Cogno, and Dario Ragno. Defacement detection with passive adversaries. Algorithms, 12(8):150, 2019.

Xuan Dau Hoang and Ngoc Tuong Nguyen. Detecting website defacements based on machine learning techniques and attack signatures. Computers, 8(2):35, 2019.

Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna. Meerkat: Detecting website defacements through image-based object recognition. In 24th USENIX Security Symposium (USENIX Security 15), pages 595–610, 2015.

Xuan Dau Hoang. A website defacement detection method based on machine learning techniques. In Proceedings of the Ninth International Symposium on Information and Communication Technology, pages 443–448, 2018.

Muhammad Ali, Stavros Shiaeles, Gueltoum Bendiab, and Bogdan Ghita. Malgra: Machine learning and n-gram malware feature extraction and detection system. Electronics, 9(11):1777, 2020.

Victor Hugo Andrade Soares, Ricardo JGB Campello, Seyednaser Nourashrafeddin, Evangelos Milios, and Murilo Coelho Naldi. Combining semantic and term frequency similarities for text clustering. Knowledge and Information Systems, 61(3):1485–1516, 2019.

Samaneh Mahdavifar and Ali A Ghorbani. Dennes: deep embedded neural network expert system for detecting cyber attacks. Neural Computing and Applications, 32(18):14753–14780, 2020.

Vitalik Buterin et al. A next-generation smart contract and decentralized application platform. white paper, 3(37), 2014.

Tao Qi, Bo Wang, and Su Juan Zhao. The research of website tamper-resistant technology. In Advanced Materials Research, volume 850, pages 475–478. Trans Tech Publ, 2014.

Adnan Iftekhar, Xiaohui Cui, Mir Hassan, and Wasif Afzal. Application of blockchain and internet of things to ensure tamper-proof data availability for food safety. Journal of Food Quality, 2020, 2020.

Jiachen Yang, Jiabao Wen, Bin Jiang, and Huihui Wang. Blockchain-based sharing and tamper-proof framework of big data networking. IEEE Network, 34(4):62–67, 2020.

Deepayan Bhowmik and Tian Feng. The multimedia blockchain: A distributed and tamper-proof media transaction framework. In 2017 22nd International Conference on Digital Signal Processing (DSP), pages 1–5. IEEE, 2017.

Qiang Hao, Rui Cai, Yanwei Pang, and Lei Zhang. From one tree to a forest: a unified solution for structured web data extraction. In Proceedings of the 34th international ACM SIGIR conference on Research and development in Information Retrieval, pages 775–784, 2011.

Colin Lockard, Prashant Shiralkar, and Xin Luna Dong. Openceres: When open information extraction meets the semi-structured web. In Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers), pages 3047–3056, 2019.

Published

2022-07-30

Issue

Section

Articles