Defacement attacks have long been considered one of prime threats to websites and web\napplications of companies, enterprises, and government organizations. Defacement attacks can bring\nserious consequences to owners of websites, including immediate interruption of website operations\nand damage of the owner reputation, which may result in huge financial losses. Many solutions\nhave been researched and deployed for monitoring and detection of website defacement attacks,\nsuch as those based on checksum comparison, diff comparison, DOM tree analysis, and complicated\nalgorithms. However, some solutions only work on static websites and others demand extensive\ncomputing resources. This paper proposes a hybrid defacement detection model based on the\ncombination of the machine learning-based detection and the signature-based detection. The machine\nlearning-based detection first constructs a detection profile using training data of both normal and\ndefaced web pages. Then, it uses the profile to classify monitored web pages into either normal or\nattacked. The machine learning-based component can effectively detect defacements for both static\npages and dynamic pages. On the other hand, the signature-based detection is used to boost the\nmodelâ??s processing performance for common types of defacements. Extensive experiments show that\nour model produces an overall accuracy of more than 99.26% and a false positive rate of about 0.27%.\nMoreover, our model is suitable for implementation of a real-time website defacement monitoring\nsystem because it does not demand extensive computing resources.
Loading....