Efficient Reconstruction of User Sessions from HTTP Traces for Rich Internet Applications

Title: Efficient Reconstruction of User Sessions from HTTP Traces for Rich Internet Applications
Authors: Hooshmand, Salman
Date: 2017
Abstract: The generated HTTP traffic of users' interactions with a Web application can be logged for further analysis. In this thesis, we present the ``Session Reconstruction'' problem that is the reconstruction of user interactions from recorded request/response logs of a session. The reconstruction is especially useful when the only available information about the session is its HTTP trace, as could be the case during a forensic analysis of an attack on a website. New Web technologies such as AJAX and DOM manipulation have provided more responsive and smoother Web applications, sometimes called ``Rich Internet Applications''(RIAs). Despite the benefits of RIAs, the previous session reconstruction methods for traditional Web applications are not effective anymore. Recovering information from a log in RIAs is significantly more challenging as compared with classical Web applications, because the HTTP traffic contains often only application data and no obvious clues about what the user did to trigger that traffic. This thesis studies applying different techniques for efficient reconstruction of RIA sessions. We define the problem in the context of the client/server applications, and propose a solution for it. We present different algorithms to make the session reconstruction possible in practice: learning mechanisms to guide the session reconstruction process efficiently, techniques for recovering user-inputs and handling client-side randomness, and also algorithms for detections of actions that do not generate any HTTP traffic. In addition, to further reduce the session reconstruction time, we propose a distributed architecture to concurrently reconstruct a RIA session over several nodes. To measure the effectiveness of our proposed algorithms, a prototype called D-ForenRIA is implemented. The prototype is made of a proxy and a set of browsers. Browsers are responsible for trying candidate actions on each state, and the proxy, which contains the observed HTTP trace, is responsible for responding to browsers' requests and validating attempted actions on each state. We have used this tool to measure the effectiveness of the proposed techniques during session reconstruction process. The results of our evaluation on several RIAs show that the proposed solution can efficiently reconstruct use-sessions in practice.
URL: http://hdl.handle.net/10393/36750
CollectionThèses, 2011 - // Theses, 2011 -