WebForecast: Analysis and Prediction of Web Application Updates

Abstract

Statement of Work: The proposed research will design and develop novel differential-analysis techniques that can be used to fingerprint remote web applications. The PI will incorporate these techniques into WebForecast, an automated, application-agnostic system that will be able to extract signatures for the fingerprinting of web applications without requiring assistance from human analysts. WebForecast will guide the large-scale, longitudinal crawling of web applications across different sectors of interest, enabling the construction of an observatory for tracking the update dynamics of deployed web applications. Through this observatory, the PI will quantify which underlying parameters govern web-application updates and how past update data can be used to predict future updates.

Objective: The PI will investigate, design, implement, and evaluate novel differential-analysis techniques for the automated fingerprinting of web applications. These techniques will be used to characterize the update behavior of web-application deployments across different sectors of interest. The collected data on past update behavior will be used to predict future updates as well as to estimate the lifetime of new vulnerabilities.

Approach: The proposed research will enable the fingerprinting of web applications through a hybrid, differential-analysis-based set of techniques that will combine the speed of static-content identification with the flexible nature of dynamic analysis. This hybrid approach will be able to stimulate web applications and detect minute differences in HTTP responses, enabling the identification of versions from as little as a single whitespace present in version N of a web application, but absent in versions prior to N. These hybrid, differential-analysis techniques will be incorporated in WebForecast, a system that uses modern DevOps techniques to track and automatically compute signatures of new versions of web applications without any manual effort. Using the signatures obtained through WebForecast, the PI will design and implement an observatory of web-application updates, to understand the update dynamics across a wide range of applications, countries, and sectors of interest. Finally, the PI will utilize the data collected through this observatory in regression models and survival-analysis models to predict web-application updates and to quantify the effect of different parameters on the lifetime of web-application vulnerabilities.

Overall Merit and ONR Mission/Relevance: Given that the web is the preferred medium for delivering applications and content to users, the ability to fingerprint remote web applications and determine their vulnerability to known exploits is of direct relevance to the Navy. The application-agnostic nature of WebForecast will enable the Navy to fingerprint and determine the versions and vulnerabilities of internal and public-facing web applications, whether they are deployments of popular open-source software or custom-built, mission-specific web applications.

Document Details

Document Type
DoD Grant Award
Publication Date
Jul 20, 2020
Source ID
N000142012720

Entities

People

  • Nikolaos Nikiforakis

Organizations

  • Office of Naval Research
  • Research Foundation for the State University of New York
  • United States Navy

Tags

Fields of Study

  • Computer science