Research on biometrics for high security applica- tions has not attracted as much attention as civilian or foren- sic applications. Limited research and deficient analysis so far has led to a lack of general solutions...Research on biometrics for high security applica- tions has not attracted as much attention as civilian or foren- sic applications. Limited research and deficient analysis so far has led to a lack of general solutions and leaves this as a challenging issue. This work provides a systematic analy- sis and identification of the problems to be solved in order to meet the performance requirements for high security applica- tions, a double low problem. A hybrid ensemble framework is proposed to solve this problem. Setting an adequately high threshold for each matcher can guarantee a zero false accep- tance rate (FAR) and then use the hybrid ensemble framework makes the false reject rate (FRR) as low as possible. Three ex- periments are performed to verify the effectiveness and gener- alization of the framework. First, two fingerprint verification algorithms are fused. In this test only 10.55% of fingerprints are falsely rejected with zero false acceptance rate, this is sig- nificantly lower than other state of the art methods. Second, in face verification, the framework also results in a large re- duction in incorrect classification. Finally, assessing the per- formance of the framework on a combination of face and gait verification using a heterogeneous database show this frame- work can achieve both 0% false rejection and 0% false accep- tance simultaneously.展开更多
This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessment...This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box,to carry out the security validation of a web application in an agile and precise way.The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks.Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage,so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result.The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle(SSDLC).A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics.Dynamic analysis with manual checking is used to audit the results,24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally.This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally.Dynamic analysis finds six(6)additional critical vulnerabilities.Access control analysis finds other five(5)important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks,two vulnerabilities that permit brute force attacks.展开更多
With the growing of digitized data transforming on Internet,the issues of information security,data privacy,and forensic analysis have become more and more attracted.Researchers have provided solutions for problems in...With the growing of digitized data transforming on Internet,the issues of information security,data privacy,and forensic analysis have become more and more attracted.Researchers have provided solutions for problems in the field.The objective of this special issue is to present research and development activities in the various aspects.After a very careful review,展开更多
This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transpo...This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.展开更多
Excessive nitrogen(N) fertilization in intensive agricultural areas such as the plain region of South China has resulted in low nitrogen use efficiency and serious environmental problems. To determine the optimum N ...Excessive nitrogen(N) fertilization in intensive agricultural areas such as the plain region of South China has resulted in low nitrogen use efficiency and serious environmental problems. To determine the optimum N application rate, grain yield, apparent nitrogen recovery efficiency(ANRE), apparent N loss, and ammonium(NH_3) volatilization under different N application rates in the three years from 2012 to 2014 were studied. The results showed that the relationship between grain yields and N application rate in the three years were well fitted by quadratic equations. When N application rate reached 197 kg ha^(–1) in 2012, 199 kg ha^(–1) in 2013 and 196 kg ha^(–1) in 2014, the plateau of the grain yields appeared. With the increase of N application rate, the ANRE for rice decreased which could be expressed with sigmoidal equation; when N application rate was 305 kg ha^(–1) in 2012, 275 kg ha^(–1) in 2013 and 312 kg ha^(–1) in 2014, the curves of ANRE appeared turing points. Besides, the relationship between soil Nresidual and N application rate was fitted by the quadratic equation and the maximums of soil Nresidual were reached in the three years with the N application rate of 206, 244 and 170 kg ha^(–1), respectively. Statistical analysis indicated that NH3 volatilization and apparent N loss in three years all increased with the increasing N application rate. When the amount of NH3 volatilization increased to 11.6 kg N ha^(–1) in 2012, 40.5 kg N ha^(–1) in 2013 and 57.0 kg N ha^(–1)in 2014, the apparent N loss in the three years had obvious increase. To determine the optimum N application rate, the average N application on the plateau of the grain yield was considered as the lower limit while the average N application rate at the turning points of ANRE, the residual N in soil and apparent N loss was taken as the upper limit. According to the results in three years, the optimum N application rate for rice in Zhejiang was 197–255 kg ha^(–1).展开更多
Cancelable biometrics are required in most remote access applications that need an authentication stage such as the cloud and Internet of Things(IoT)networks.The objective of using cancelable biometrics is to save the...Cancelable biometrics are required in most remote access applications that need an authentication stage such as the cloud and Internet of Things(IoT)networks.The objective of using cancelable biometrics is to save the original ones from hacking attempts.A generalized algorithm to generate cancelable templates that is applicable on both single and multiple biometrics is proposed in this paper to be considered for cloud and IoT applications.The original biometric is blurred with two co-prime operators.Hence,it can be recovered as the Greatest Common Divisor(GCD)between its two blurred versions.Minimal changes if induced in the biometric image prior to processing with co-prime operators prevents the recovery of the original biometric image through a GCD operation.Hence,the ability to change cancelable templates is guaranteed,since the owner of the biometric can pre-determine and manage the minimal change induced in the biometric image.Furthermore,we test the utility of the proposed algorithm in the single-and multi-biometric scenarios.The multi-biometric scenario depends on compressing face,fingerprint,iris,and palm print images,simultaneously,to generate the cancelable templates.Evaluation metrics such as Equal Error Rate(EER)and Area and Receiver Operator Characteristic curve(AROC)are considered.Simulation results on single-and multi-biometric scenarios show high AROC values up to 99.59%,and low EER values down to 0.04%.展开更多
The advancement of technology and the digitization of organizational functions and services have propelled the world into a new era of computing capability and sophistication. The proliferation and usability of such c...The advancement of technology and the digitization of organizational functions and services have propelled the world into a new era of computing capability and sophistication. The proliferation and usability of such complex technological services raise several security concerns. One of the most critical concerns is cross-site scripting (XSS) attacks. This paper has concentrated on revealing and comprehensively analyzing XSS injection attacks, detection, and prevention concisely and accurately. I have done a thorough study and reviewed several research papers and publications with a specific focus on the researchers’ defensive techniques for preventing XSS attacks and subdivided them into five categories: machine learning techniques, server-side techniques, client-side techniques, proxy-based techniques, and combined approaches. The majority of existing cutting-edge XSS defensive approaches carefully analyzed in this paper offer protection against the traditional XSS attacks, such as stored and reflected XSS. There is currently no reliable solution to provide adequate protection against the newly discovered XSS attack known as DOM-based and mutation-based XSS attacks. After reading all of the proposed models and identifying their drawbacks, I recommend a combination of static, dynamic, and code auditing in conjunction with secure coding and continuous user awareness campaigns about XSS emerging attacks.展开更多
Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query ...Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDB- based web applications. Our approach introduces a MongoDB operation model to support new features of MongoDB and models the application logic as a mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed for identifying logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness.展开更多
Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the soft...Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.展开更多
Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the soft...Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.展开更多
Research-based on user behavior analysis for authentication is the motivation for this research.We move ahead using a behavioral approach to identify malicious users and legitimate users.In this paper,we have explaine...Research-based on user behavior analysis for authentication is the motivation for this research.We move ahead using a behavioral approach to identify malicious users and legitimate users.In this paper,we have explained how we have applied big data analytics to application-layer logs and predicted malicious users by employing a Machine Learning algorithm based on certain metrics explained later in the paper.Machine Learning would present a list of IP addresses or user identification tokens(UIT),deduced from live data which would be performing a malicious activity or are suspected of malicious activity based on their browsing behavior.We have created an e-commerce web application and induced vulnerabilities intentionally for this purpose.We have hosted our setup on LAMP[1]stack based on AWS cloud[2].This method has a huge potential as any organization can imply this to monitor probable attackers thus narrowing down on their efforts to safeguard their infrastructure.The idea is based on the fact that the browsing pattern,as well as the access pattern of a genuine user,varies widely with that of a hacker.These patterns would be used to sort out the incoming traffic from and list out IP addresses and UIT that are the most probable cases of hack attempts.展开更多
文摘Research on biometrics for high security applica- tions has not attracted as much attention as civilian or foren- sic applications. Limited research and deficient analysis so far has led to a lack of general solutions and leaves this as a challenging issue. This work provides a systematic analy- sis and identification of the problems to be solved in order to meet the performance requirements for high security applica- tions, a double low problem. A hybrid ensemble framework is proposed to solve this problem. Setting an adequately high threshold for each matcher can guarantee a zero false accep- tance rate (FAR) and then use the hybrid ensemble framework makes the false reject rate (FRR) as low as possible. Three ex- periments are performed to verify the effectiveness and gener- alization of the framework. First, two fingerprint verification algorithms are fused. In this test only 10.55% of fingerprints are falsely rejected with zero false acceptance rate, this is sig- nificantly lower than other state of the art methods. Second, in face verification, the framework also results in a large re- duction in incorrect classification. Finally, assessing the per- formance of the framework on a combination of face and gait verification using a heterogeneous database show this frame- work can achieve both 0% false rejection and 0% false accep- tance simultaneously.
文摘This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box,to carry out the security validation of a web application in an agile and precise way.The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks.Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage,so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result.The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle(SSDLC).A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics.Dynamic analysis with manual checking is used to audit the results,24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally.This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally.Dynamic analysis finds six(6)additional critical vulnerabilities.Access control analysis finds other five(5)important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks,two vulnerabilities that permit brute force attacks.
文摘With the growing of digitized data transforming on Internet,the issues of information security,data privacy,and forensic analysis have become more and more attracted.Researchers have provided solutions for problems in the field.The objective of this special issue is to present research and development activities in the various aspects.After a very careful review,
文摘This paper investigates whether security headers are enforced to mitigate cyber-attacks in web-based systems in cyberspace. The security headers examined include X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Referrer-Policy, Content-Security-Policy, and Permissions-Policy. The study employed a controlled experiment using a security header analysis tool. The web-based applications (websites) were analyzed to determine whether security headers have been correctly implemented. The experiment was iterated for 100 universities in Africa which are ranked high. The purposive sampling technique was employed to understand the status quo of the security headers implementations. The results revealed that 70% of the web-based applications in Africa have not enforced security headers in web-based applications. The study proposes a secure system architecture design for addressing web-based applications’ misconfiguration and insecure design. It presents security techniques for securing web-based applications through hardening security headers using automated threat modelling techniques. Furthermore, it recommends adopting the security headers in web-based applications using the proposed secure system architecture design.
基金supported by the National Natural Science Foundation of China(41501238)the Key Technologies R&D Program of China during the 12th Five-Year Plan period(2015BAD23B03)the Special Fund for Agro-scientific Research in the Public Interest from the Ministry of Agriculture,China(201003014-02-08)
文摘Excessive nitrogen(N) fertilization in intensive agricultural areas such as the plain region of South China has resulted in low nitrogen use efficiency and serious environmental problems. To determine the optimum N application rate, grain yield, apparent nitrogen recovery efficiency(ANRE), apparent N loss, and ammonium(NH_3) volatilization under different N application rates in the three years from 2012 to 2014 were studied. The results showed that the relationship between grain yields and N application rate in the three years were well fitted by quadratic equations. When N application rate reached 197 kg ha^(–1) in 2012, 199 kg ha^(–1) in 2013 and 196 kg ha^(–1) in 2014, the plateau of the grain yields appeared. With the increase of N application rate, the ANRE for rice decreased which could be expressed with sigmoidal equation; when N application rate was 305 kg ha^(–1) in 2012, 275 kg ha^(–1) in 2013 and 312 kg ha^(–1) in 2014, the curves of ANRE appeared turing points. Besides, the relationship between soil Nresidual and N application rate was fitted by the quadratic equation and the maximums of soil Nresidual were reached in the three years with the N application rate of 206, 244 and 170 kg ha^(–1), respectively. Statistical analysis indicated that NH3 volatilization and apparent N loss in three years all increased with the increasing N application rate. When the amount of NH3 volatilization increased to 11.6 kg N ha^(–1) in 2012, 40.5 kg N ha^(–1) in 2013 and 57.0 kg N ha^(–1)in 2014, the apparent N loss in the three years had obvious increase. To determine the optimum N application rate, the average N application on the plateau of the grain yield was considered as the lower limit while the average N application rate at the turning points of ANRE, the residual N in soil and apparent N loss was taken as the upper limit. According to the results in three years, the optimum N application rate for rice in Zhejiang was 197–255 kg ha^(–1).
基金This research was funded by the Deanship of Scientific Research at Princess Nourah Bint Abdulrahman University through the Fast-track Research Funding Program to support publication in the top journal(Grant No.42-FTTJ-13).
文摘Cancelable biometrics are required in most remote access applications that need an authentication stage such as the cloud and Internet of Things(IoT)networks.The objective of using cancelable biometrics is to save the original ones from hacking attempts.A generalized algorithm to generate cancelable templates that is applicable on both single and multiple biometrics is proposed in this paper to be considered for cloud and IoT applications.The original biometric is blurred with two co-prime operators.Hence,it can be recovered as the Greatest Common Divisor(GCD)between its two blurred versions.Minimal changes if induced in the biometric image prior to processing with co-prime operators prevents the recovery of the original biometric image through a GCD operation.Hence,the ability to change cancelable templates is guaranteed,since the owner of the biometric can pre-determine and manage the minimal change induced in the biometric image.Furthermore,we test the utility of the proposed algorithm in the single-and multi-biometric scenarios.The multi-biometric scenario depends on compressing face,fingerprint,iris,and palm print images,simultaneously,to generate the cancelable templates.Evaluation metrics such as Equal Error Rate(EER)and Area and Receiver Operator Characteristic curve(AROC)are considered.Simulation results on single-and multi-biometric scenarios show high AROC values up to 99.59%,and low EER values down to 0.04%.
文摘The advancement of technology and the digitization of organizational functions and services have propelled the world into a new era of computing capability and sophistication. The proliferation and usability of such complex technological services raise several security concerns. One of the most critical concerns is cross-site scripting (XSS) attacks. This paper has concentrated on revealing and comprehensively analyzing XSS injection attacks, detection, and prevention concisely and accurately. I have done a thorough study and reviewed several research papers and publications with a specific focus on the researchers’ defensive techniques for preventing XSS attacks and subdivided them into five categories: machine learning techniques, server-side techniques, client-side techniques, proxy-based techniques, and combined approaches. The majority of existing cutting-edge XSS defensive approaches carefully analyzed in this paper offer protection against the traditional XSS attacks, such as stored and reflected XSS. There is currently no reliable solution to provide adequate protection against the newly discovered XSS attack known as DOM-based and mutation-based XSS attacks. After reading all of the proposed models and identifying their drawbacks, I recommend a combination of static, dynamic, and code auditing in conjunction with secure coding and continuous user awareness campaigns about XSS emerging attacks.
基金supported by China Scholarship Council,Tianjin Science and Technology Committee(No.12JCZDJC20800)Science and Technology Planning Project of Tianjin(No.13ZCZDGX01098)+2 种基金NSF TRUST(The Team for Research in Ubiquitous Secure Technology)Science and Technology Center(No.CCF-0424422)National High Technology Research and Development Program of Chia(863Program)(No.2013BAH01B05)National Natural Science Foundation of China(No.61402264)
文摘Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDB- based web applications. Our approach introduces a MongoDB operation model to support new features of MongoDB and models the application logic as a mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed for identifying logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness.
文摘Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.
文摘Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.
文摘Research-based on user behavior analysis for authentication is the motivation for this research.We move ahead using a behavioral approach to identify malicious users and legitimate users.In this paper,we have explained how we have applied big data analytics to application-layer logs and predicted malicious users by employing a Machine Learning algorithm based on certain metrics explained later in the paper.Machine Learning would present a list of IP addresses or user identification tokens(UIT),deduced from live data which would be performing a malicious activity or are suspected of malicious activity based on their browsing behavior.We have created an e-commerce web application and induced vulnerabilities intentionally for this purpose.We have hosted our setup on LAMP[1]stack based on AWS cloud[2].This method has a huge potential as any organization can imply this to monitor probable attackers thus narrowing down on their efforts to safeguard their infrastructure.The idea is based on the fact that the browsing pattern,as well as the access pattern of a genuine user,varies widely with that of a hacker.These patterns would be used to sort out the incoming traffic from and list out IP addresses and UIT that are the most probable cases of hack attempts.
