Behzad Ousat
Florida International University
Lecture Information
CASE 349 and Zoom
2024-10-25 13:00:00
Abstract
The web traffic associated with automated bots interacting with web applications has rapidly grown in recent years. The share of automated traffic has increased to 49.6%, almost equalling human traffic. While a portion of this traffic is associated with harmless data scraping or indexing agents, many other automated agents are responsible for launching sophisticated cyberattacks such as vulnerability scanning and adversarial fuzzing, account hijacking, and credential stuffing. With the increasing popularity of Artificial Intelligence (AI), these adversarial scanners have evolved in their ability to evade traditional detection mechanisms by mimicking human behavior. This project aims to address the limitations of today's defense mechanisms and propose enhancements for novel solutions capable of detecting increasingly sophisticated AI-driven bots. We develop a custom defense layer by collecting spatio-temporal artifacts to model the interaction of remote agents with web applications and identify the purpose of the visitor. This proposal is structured around three topics: 1) Investigate the limitations of the contemporary defenses, 2) Propose AI-assisted frameworks for the classification and attribution of automated web scanners, 3) Analyse the robustness of the framework through adversarial methods and real-world deployment.
Biography
Behzad Ousat is a Ph.D. candidate at the Knight Foundation School of Computing and Information Sciences (KFSCIS) at Florida International University (FIU). Behzad Joined Systems Security Lab (SecLab) under Dr. Kharraz supervision in 2022. His research focuses on web and browser security. His research aims to develop data-driven approaches to identify emerging threats and technology abuses at scale. Behzad has published several papers at conferences including ACM AsiaCCS, The Web Conference (WWW), and the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). He has also served as reviewer in several known venues including IEEE Transactions on Information Forensics & Security (TIFS). Behzad holds a B.Sc. in Computer Engineering from the University of Tehran and a M.Sc. from Sharif University of Technology.