Efficient Reconstruction of User Sessions from HTTP Traces for Rich Internet Applications

The HTTP traffic generated by users' interactions with a Web application can be logged for further analysis. In this thesis, we present the "Session Reconstruction" problem, which is the reconstruction of user interactions from the recorded request/response logs of a session. The reconstr...

Bibliographic Details
Main Author: Hooshmand, Salman
Other Authors: Jourdan, Guy-Vincent
Language: en
Published: Université d'Ottawa / University of Ottawa 2017
Subjects: User-Interactions Reconstruction; Rich Internet Applications; Traffic Replay; HTTP Traces
Online Access: http://hdl.handle.net/10393/36750
http://dx.doi.org/10.20381/ruor-21022
id ndltd-uottawa.ca-oai-ruor.uottawa.ca-10393-36750
record_format oai_dc
spelling ndltd-uottawa.ca-oai-ruor.uottawa.ca-10393-36750 2018-01-05T19:03:09Z
Efficient Reconstruction of User Sessions from HTTP Traces for Rich Internet Applications
Hooshmand, Salman
Jourdan, Guy-Vincent
User-Interactions Reconstruction
Rich Internet Applications
Traffic Replay
HTTP Traces

The HTTP traffic generated by users' interactions with a Web application can be logged for further analysis. In this thesis, we present the "Session Reconstruction" problem, which is the reconstruction of user interactions from the recorded request/response logs of a session. The reconstruction is especially useful when the only available information about the session is its HTTP trace, as could be the case during a forensic analysis of an attack on a website. New Web technologies such as AJAX and DOM manipulation have provided more responsive and smoother Web applications, sometimes called "Rich Internet Applications" (RIAs). Despite the benefits of RIAs, the previous session reconstruction methods for traditional Web applications are no longer effective. Recovering information from a log in RIAs is significantly more challenging than in classical Web applications, because the HTTP traffic often contains only application data and no obvious clues about what the user did to trigger that traffic.

This thesis studies the application of different techniques for efficient reconstruction of RIA sessions. We define the problem in the context of client/server applications and propose a solution for it. We present different algorithms to make session reconstruction possible in practice: learning mechanisms to guide the session reconstruction process efficiently, techniques for recovering user inputs and handling client-side randomness, and algorithms for detecting actions that do not generate any HTTP traffic. In addition, to further reduce the session reconstruction time, we propose a distributed architecture to concurrently reconstruct a RIA session over several nodes.

To measure the effectiveness of our proposed algorithms, a prototype called D-ForenRIA is implemented. The prototype is made of a proxy and a set of browsers. Browsers are responsible for trying candidate actions on each state, and the proxy, which contains the observed HTTP trace, is responsible for responding to browsers' requests and validating attempted actions on each state. We have used this tool to measure the effectiveness of the proposed techniques during the session reconstruction process. The results of our evaluation on several RIAs show that the proposed solution can efficiently reconstruct user sessions in practice.

2017-10-04T19:18:53Z 2017-10-04T19:18:53Z 2017 Thesis http://hdl.handle.net/10393/36750 http://dx.doi.org/10.20381/ruor-21022 en Université d'Ottawa / University of Ottawa
collection NDLTD
language en
sources NDLTD
topic User-Interactions Reconstruction
Rich Internet Applications
Traffic Replay
HTTP Traces
author2 Jourdan, Guy-Vincent
author_facet Jourdan, Guy-Vincent
Hooshmand, Salman
author Hooshmand, Salman
author_sort Hooshmand, Salman
title Efficient Reconstruction of User Sessions from HTTP Traces for Rich Internet Applications
publisher Université d'Ottawa / University of Ottawa
publishDate 2017
url http://hdl.handle.net/10393/36750
http://dx.doi.org/10.20381/ruor-21022