MARC details
| 000 -LEADER |
| fixed length control field |
05263namaa22004331i 4500 |
| 003 - CONTROL NUMBER IDENTIFIER |
| control field |
EG-GICUC |
| 005 - DATE AND TIME OF LATEST TRANSACTION |
| control field |
20260120095400.0 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
| fixed length control field |
260105s2025 ua a|||frm||| 000 0 eng d |
| 040 ## - CATALOGING SOURCE |
| Original cataloguing agency |
EG-GICUC |
| Language of cataloging |
eng |
| Transcribing agency |
EG-GICUC |
| Modifying agency |
EG-GICUC |
| Description conventions |
rda |
| 041 0# - LANGUAGE CODE |
| Language code of text/sound track or separate title |
eng |
| Language code of summary or abstract |
eng |
| -- |
ara |
| 049 ## - Acquisition Source |
| Acquisition Source |
Deposit |
| 082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER |
| Classification number |
005.8 |
| 092 ## - LOCALLY ASSIGNED DEWEY CALL NUMBER (OCLC) |
| Classification number |
005.8 |
| Edition number |
21 |
| 097 ## - Degree |
| Degree |
Ph.D |
| 099 ## - LOCAL FREE-TEXT CALL NUMBER (OCLC) |
| Local Call Number |
Cai01.20.03.Ph.D.2025.Ah.D |
| 100 0# - MAIN ENTRY--PERSONAL NAME |
| Authority record control number or standard number |
Ahmed Anas Hassan Elmenyawy, |
| Preparation |
preparation. |
| 245 10 - TITLE STATEMENT |
| Title |
Detecting web application attacks using an intelligent technique / |
| Statement of responsibility, etc. |
by Ahmed Anas Hassan Elmenyawy ; Supervision Prof. Dr. Salwa Ahmed Saad Ali El-Gamal, Dr. Basheer Abdel Fattah Youssef. |
| 246 15 - VARYING FORM OF TITLE |
| Title proper/short title |
Detecting web application attacks using an intelligent technique
| 264 #0 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE |
| Date of production, publication, distribution, manufacture, or copyright notice |
2025. |
| 300 ## - PHYSICAL DESCRIPTION |
| Extent |
84 Leaves : |
| Other physical details |
illustrations ; |
| Dimensions |
30 cm. + |
| Accompanying material |
CD. |
| 336 ## - CONTENT TYPE |
| Content type term |
text |
| Source |
rda content |
| 337 ## - MEDIA TYPE |
| Media type term |
Unmediated |
| Source |
rdamedia |
| 338 ## - CARRIER TYPE |
| Carrier type term |
volume |
| Source |
rdacarrier |
| 502 ## - DISSERTATION NOTE |
| Dissertation note |
Thesis (Ph.D)-Cairo University, 2025. |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE |
| Bibliography, etc. note |
Bibliography: pages 76-84. |
| 520 #3 - SUMMARY, ETC. |
| Summary, etc. |
Vertical Broken Access Control (VBAC) vulnerability is one of the most commonly identified issues in web applications, posing significant risks. Consequently, addressing this pervasive threat is crucial for ensuring system confidentiality and integrity. A comprehensive survey on detecting and preventing Broken Access Control attacks has been performed, emphasizing the importance of this challenge, elaborating on existing solutions, their limitations, and the open problems that remain. Broken access control attack detector (BACAD) is a novel framework that leverages advanced AI techniques to neutralize VBAC exploits and attacks in real-time using a dynamic and practical technique. The detection process consists of two steps. The first step is user role classification using an advanced Artificial Intelligence (AI) model created in a learning phase. The learning phase includes BACAD initial configuration and application user roles traffic generation used for AI model training. The AI model at the core of BACAD framework analyzes web requests and responses utilizing robust feature extraction and dynamic hyperparameter tuning to ensure optimal performance across diverse scenarios. The second step is the decision step, which determines whether the incoming request-response pair is benign or an attack by validating it against the BACAD session information set. The evaluation against a spectrum of real-world and demonstration web applications highlights remarkable efficiency in detecting VBAC exploits, providing robust application protection against different sets of VBAC attacks. Furthermore, it shows that BACAD framework addresses the VBAC problem by presenting an applicable, dynamic, flexible, and technology-independent solution to counter VBAC vulnerability risks. Thus, BACAD framework contributes significantly to the ongoing efforts aimed at enhancing web application security. |
| 520 #3 - SUMMARY, ETC. |
| Summary, etc. |
The Vertical Broken Access Control (VBAC) vulnerability is among the most common and dangerous vulnerabilities in web applications, which makes addressing it essential for protecting the confidentiality and integrity of systems. A comprehensive study was conducted to explore methods for detecting and preventing these attacks, with a focus on current solutions and their limitations. In this context, a new framework called BACAD was devised, which relies on artificial intelligence techniques to detect and counter VBAC attacks in real time. BACAD consists of two stages: the first is user role classification using a trained artificial intelligence model, and the second is decision making by comparing requests against session information to verify whether or not they are attacks. BACAD is distinguished by its high efficiency and flexibility, and it demonstrates effectiveness in protecting applications from multiple types of VBAC attacks, making it an important contribution to improving web application security. |
| 530 ## - ADDITIONAL PHYSICAL FORM AVAILABLE NOTE |
| Issues CD |
Issues also as CD. |
| 546 ## - LANGUAGE NOTE |
| Text Language |
Text in English and abstract in Arabic & English. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
| Topical term or geographic name entry element |
Computer security |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
| Topical term or geographic name entry element |
Computer security |
| 653 #1 - INDEX TERM--UNCONTROLLED |
| Uncontrolled term |
Broken Access Control |
| -- |
Vertical Access Control Vulnerabilities |
| -- |
Vertical Access Control Exploitation |
| -- |
Vertical Access Control Attacks |
| -- |
Broken Access Control Attack Detector |
| -- |
Web Application Security |
| -- |
Logical Vulnerabilities |
| -- |
Exploit Detection |
| -- |
Broken access control attack detector |
| -- |
Vertical access control vulnerabilities |
| 700 0# - ADDED ENTRY--PERSONAL NAME |
| Personal name |
Salwa Ahmed Saad Ali El-Gamal |
| Relator term |
thesis advisor. |
| 700 0# - ADDED ENTRY--PERSONAL NAME |
| Personal name |
Basheer Abdel Fattah Youssef |
| Relator term |
thesis advisor. |
| 900 ## - Thesis Information |
| Grant date |
01-01-2025 |
| Supervisory body |
Salwa Ahmed Saad Ali El-Gamal |
| -- |
Basheer Abdel Fattah Youssef |
| Universities |
Cairo University |
| Faculties |
Faculty of Computers and Artificial Intelligence |
| Department |
Department of Computer Science |
| 905 ## - Cataloger and Reviser Names |
| Cataloger Name |
Shimaa |
| Reviser Names |
Eman Ghareb |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) |
| Source of classification or shelving scheme |
Dewey Decimal Classification |
| Koha item type |
Thesis |
| Edition |
21 |
| Suppress in OPAC |
No |