Mustafa Mert Karataş : Malicious User Input Detection on Web-Based Attacks with the Negative Selection Algorithm

Msc. Candidate: Mustafa Mert Karataş

Program: Cyber Security

Date: 09.09.2019 13:00 p.m

Place: A-212

Abstract: The human body is exposed to several pathogens during its lifetime. HIS(Human Immune System) is responsible to protect the body from different pathogens. HIS has two distinct response systems to these outsiders, which are; innate and adaptive immune systems. While the innate system takes general actions to the intruding pathogens, the adaptive immune system eradicates them by its special cells. T-Cells, one of the defined adaptive immunity cells, are created in the thymus. The generation of these cells is constant and continued to the end of the human life span. T-Cells protects the human body with the use of its distinct self and non-self discrimination ability. In the computer science domain, self/non-self discrimination of the T-Cells are studied and applied in the subject of AIS (Artificial Immune System). A model observed from the HIS while creating these cells, Negative Selection, is added as an algorithm to this subject. The ability to discriminate self from non-self is thought to be useful for the detection of any malicious activity in a computer or a computer network. In this thesis, the Negative Selection Algorithm of the T-Cells is applied in order to detect malicious user input that is submitted from HTTP GET parameters. Detection is done through detectors strings with varying lengths. Detectors are constructed with randomly chosen n-gram strings generated from the training dataset. The number of n-gram strings to form a single detector is determined with the use of Poisson Probability. Detection rates, number of attempts needed for generating a single detector, average detection rates for each detector, the lengths of the detectors and number of detectors that can be generated over a course of time are calculated and presented.