A novel methodology towards a trusted environment in mashup web applications

Ahmed Patel, Samaher Al-Janabi, Ibrahim AlShourbaji, Jens Myrup Pedersen

Research output: Contribution to journal › Journal article › Research › peer-review

11 Citations (Scopus)

Abstract

A mashup is a web-based application developed through aggregation of data from different public external or internal sources (including trusted and untrusted). Mashup introduces an open environment that is exposed to many security vulnerabilities, threats and risks. These weaknesses will bring security to the forefront when developing mashup applications and will require new ways of identifying and managing said risks. The primary goal of this paper is to present a client side mashup security framework to ensure that the sources for mashup applications are tested and secured against malicious intrusions. This framework is based on risk analysis and mashup source classification that will examine, analyze and evaluate the data transitions between the server-side and the client-side. Risk filtering using data mining suggests a new data mining technique also be utilized to enhance the quality of the risk analysis by removing most of the false risks. This approach is called the Risk Filtering Data Mining algorithm (RFDM). The RFDM framework deals with three types of clusters (trusted, untrusted and hesitation or unknown) to handle the hesitation clusters. Our proposal is to employ Atanassov's Intuitionistic Fuzzy Sets (A-IFs) as it improves the results of a URL. Finally, the results would be evaluated based on five experimental measures generated by a confusion matrix, namely: Accuracy (AC), recall or true positive rate (TP), precision (P), F-measure (considers both precision and recall) and Fβ.
Original language: English
Journal: Computers & Security
Volume: 49
Pages (from-to): 107-129
ISSN: 0167-4048
DOI: 10.1016/j.cose.2014.10.009
Publication status: Published - 2015

Fingerprint

Data mining
methodology
Risk analysis
Fuzzy sets
Websites
Servers
Agglomeration
aggregation
vulnerability
threat

Cite this

Patel, Ahmed; Al-Janabi, Samaher; AlShourbaji, Ibrahim; Pedersen, Jens Myrup. / A novel methodology towards a trusted environment in mashup web applications. In: Computers & Security. 2015; Vol. 49. pp. 107-129.
@article{c54fe12493fd45f5bb9f4ae3eb01ed8f,
title = "A novel methodology towards a trusted environment in mashup web applications",
author = "Ahmed Patel and Samaher Al-Janabi and Ibrahim AlShourbaji and Pedersen, {Jens Myrup}",
year = "2015",
doi = "10.1016/j.cose.2014.10.009",
language = "English",
volume = "49",
pages = "107--129",
journal = "Computers \& Security",
issn = "0167-4048",
publisher = "Elsevier",

}
