A novel methodology towards a trusted environment in mashup web applications

Ahmed Patel, Samaher Al-Janabi, Ibrahim Alshourbaji, Jens Pedersen

    Research output: Contribution to journal › Article

    15 Citations (Scopus)

    Abstract

    A mashup is a web-based application developed through aggregation of data from different public external or internal sources (including trusted and untrusted). Mashup introduces an open environment that is exposed to many security vulnerabilities, threats and risks. These weaknesses will bring security to the forefront when developing mashup applications and will require new ways of identifying and managing said risks. The primary goal of this paper is to present a client side mashup security framework to ensure that the sources for mashup applications are tested and secured against malicious intrusions. This framework is based on risk analysis and mashup source classification that will examine, analyze and evaluate the data transitions between the server-side and the client-side. Risk filtering using data mining suggests a new data mining technique also be utilized to enhance the quality of the risk analysis by removing most of the false risks. This approach is called the Risk Filtering Data Mining algorithm (RFDM). The RFDM framework deals with three types of clusters (trusted, untrusted and hesitation or unknown) to handle the hesitation clusters. Our proposal is to employ Atanassov's Intuitionistic Fuzzy Sets (A-IFs) as it improves the results of a URL. Finally, the results would be evaluated based on five experimental measures generated by a confusion matrix, namely: Accuracy (AC), recall or true positive rate (TP), precision (P), F-measure (considers both precision and recall) and Fβ.

    Original language: English
    Pages (from-to): 107-122
    Number of pages: 16
    Journal: Computers and Security
    Volume: 49
    DOI: 10.1016/j.cose.2014.10.009
    Publication status: Published - 2015

    Fingerprint

    Data mining
    methodology
    Risk analysis
    Fuzzy sets
    Websites
    Servers
    Agglomeration
    aggregation
    vulnerability
    threat

    Keywords

    • Application programming interfaces (API)
    • Confusion matrix
    • Mashup applications
    • Risk analysis
    • Risk filtering data mining algorithm (RFDM)
    • Security
    • Threats

    ASJC Scopus subject areas

    • Computer Science(all)
    • Law

    Cite this

    A novel methodology towards a trusted environment in mashup web applications. / Patel, Ahmed; Al-Janabi, Samaher; Alshourbaji, Ibrahim; Pedersen, Jens.

    In: Computers and Security, Vol. 49, 2015, p. 107-122.

    @article{85169a15e34a4d458cb8df6519dc4242,
    title = "A novel methodology towards a trusted environment in mashup web applications",
    keywords = "Application programming interfaces (API), Confusion matrix, Mashup applications, Risk analysis, Risk filtering data mining algorithm (RFDM), Security, Threats",
    author = "Ahmed Patel and Samaher Al-Janabi and Ibrahim Alshourbaji and Jens Pedersen",
    year = "2015",
    doi = "10.1016/j.cose.2014.10.009",
    language = "English",
    volume = "49",
    pages = "107--122",
    journal = "Computers and Security",
    issn = "0167-4048",
    publisher = "Elsevier Limited",

    }
