Protecting online services : a proxy-based machine learning architecture

Abstract

This research work revolves around the study, application, and subsequent implementation of a prototype based on machine learning, which intends to protect online services. The benefits of the proposed approach include identifying browser extensions which are installed locally on a client’s browser, analysing such extensions, processing this gathered data through a classifier algorithm, and maintaining a supervised machine learning architecture through the use of machine learning. A key objective in this study was to establish whether such an approach would be viable for a real application. Through this study, key academic aspects were identified, outlining the essential contribution the data gathered offers online businesses. Through thorough research, it has been identified that there is lack of much-needed server security, when it comes to client side attacks. Internet attacks are present on numerous amounts of mediums, one of them being the browser itself. The architecture of this research was based on primarily identifying such threats located on the browser, followed by recognising methods of preventing them from causing harm to connected servers. This research project involved the designing, developing, and implementation of a well-structured machine learning architecture which was placed as an intermediary between the client and the server, in order to make informed decisions. The data which was gathered by this machine was further processed, in order to continuously populate factual data, whilst improving the accuracy of predicted results. Therefore, to further evaluate the value proposition, this research evaluated a malicious browser extension detection approach based on machine learning. This study analysed the characteristic of a malicious extension systematically and presents important features for machine learning. Experimental results demonstrated that the method utilised in this study is resilient to code obfuscations and is able to correctly determine whether a browser extension is malicious or not. Potential users of this implementation include a number of Web Servers which encounter large amounts of user requests, which unfortunately are currently not being monitored. Tests conducted verified the validity of the system created in relation to both the software used to identify such extensions and machine learning architecture, as well as identified its benefits and limitations.