This paper studies the feasibility of an early warning system that prevents users from the dangerous situations they may fall into during web surfing. Our approach adopts behavioral Hidden Markov Models to explore collective intelligence embedded in users' browsing behaviors for context-aware category prediction, and applies the results to web security threat prevention. Large-scale experiments show that our proposed method performs accuracy 0.463 for predicting the fine-grained categories of users' next accesses. In real-life filtering simulations, our method can achieve macro-averaging blocking rate 0.4293 to find web security threats that cannot be detected by the existing security protection solutions at the early stage, while accomplishes a low macro-averaging over-blocking rate 0.0005 with the passage of time. In addition, behavioral HMM is able to alert users for avoiding security threats by 8.4 hours earlier than the current URL filtering engine does. Our simulations show that the shortening of this lag time is critical to avoid severe diffusions of security threats.
%0 Conference Paper
%1 lee2012contextaware
%A Lee, Lung-Hao
%A Juan, Yen-Cheng
%A Lee, Kuei-Ching
%A Tseng, Wei-Lin
%A Chen, Hsin-Hsi
%A Tseng, Yuen-Hsien
%B Proceedings of the 2012 ACM conference on Computer and communications security
%C New York, NY, USA
%D 2012
%I ACM
%K CTII:WS1213 context hidden hmm markov master model prediction security uni web
%P 992--994
%R 10.1145/2382196.2382302
%T Context-aware web security threat prevention
%U http://doi.acm.org/10.1145/2382196.2382302
%X This paper studies the feasibility of an early warning system that prevents users from the dangerous situations they may fall into during web surfing. Our approach adopts behavioral Hidden Markov Models to explore collective intelligence embedded in users' browsing behaviors for context-aware category prediction, and applies the results to web security threat prevention. Large-scale experiments show that our proposed method performs accuracy 0.463 for predicting the fine-grained categories of users' next accesses. In real-life filtering simulations, our method can achieve macro-averaging blocking rate 0.4293 to find web security threats that cannot be detected by the existing security protection solutions at the early stage, while accomplishes a low macro-averaging over-blocking rate 0.0005 with the passage of time. In addition, behavioral HMM is able to alert users for avoiding security threats by 8.4 hours earlier than the current URL filtering engine does. Our simulations show that the shortening of this lag time is critical to avoid severe diffusions of security threats.
%@ 978-1-4503-1651-4
@inproceedings{lee2012contextaware,
abstract = {This paper studies the feasibility of an early warning system that prevents users from the dangerous situations they may fall into during web surfing. Our approach adopts behavioral Hidden Markov Models to explore collective intelligence embedded in users' browsing behaviors for context-aware category prediction, and applies the results to web security threat prevention. Large-scale experiments show that our proposed method performs accuracy 0.463 for predicting the fine-grained categories of users' next accesses. In real-life filtering simulations, our method can achieve macro-averaging blocking rate 0.4293 to find web security threats that cannot be detected by the existing security protection solutions at the early stage, while accomplishes a low macro-averaging over-blocking rate 0.0005 with the passage of time. In addition, behavioral HMM is able to alert users for avoiding security threats by 8.4 hours earlier than the current URL filtering engine does. Our simulations show that the shortening of this lag time is critical to avoid severe diffusions of security threats.},
acmid = {2382302},
added-at = {2012-10-25T15:23:54.000+0200},
address = {New York, NY, USA},
author = {Lee, Lung-Hao and Juan, Yen-Cheng and Lee, Kuei-Ching and Tseng, Wei-Lin and Chen, Hsin-Hsi and Tseng, Yuen-Hsien},
biburl = {https://www.bibsonomy.org/bibtex/21cf624061a984d247ce408791dec1420/telekoma},
booktitle = {Proceedings of the 2012 ACM conference on Computer and communications security},
description = {Context-aware web security threat prevention},
doi = {10.1145/2382196.2382302},
interhash = {bb1aed60824080f9d840e401c437b63b},
intrahash = {1cf624061a984d247ce408791dec1420},
isbn = {978-1-4503-1651-4},
keywords = {CTII:WS1213 context hidden hmm markov master model prediction security uni web},
location = {Raleigh, North Carolina, USA},
numpages = {3},
pages = {992--994},
publisher = {ACM},
series = {CCS '12},
timestamp = {2012-10-25T15:23:54.000+0200},
title = {Context-aware web security threat prevention},
url = {http://doi.acm.org/10.1145/2382196.2382302},
year = 2012
}