Clustering App Attacks with Machine Learning Part 3: Algorithm Results

Clustering App Attacks with Machine Learning Part 3: Algorithm Results

In the previous blog posts in this series, we discussed the motivation for clustering attacks and the data used and how to calculate the distance between two attacks using different methods on each feature we extracted. In this final blog post, we’ll discuss the clustering algorithm itself – how to ... Read More
Levenshtein distance example

Clustering App Attacks with Machine Learning (Part 2): Calculating Distance

In our previous post in this series we discussed our motivation to cluster attacks on apps, the data we used and how we enriched it by extracting more meaningful features out of the raw data. We talked about the many features that can be extracted from IP and URL. In ... Read More
parts of a HTTP request

Clustering App Attacks with Machine Learning Part 1: A Walk Outside the Lab

A lot of research has been done on clustering attacks of different types using machine learning algorithms with high rates of success. Much of it from the comfort of a research lab, with specific datasets and no performance limitations. At Imperva, our research is done for the benefit of real ... Read More
The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View

The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View

Web application threats come in different shapes and sizes. These threats mostly stem from web application vulnerabilities, published daily by the vendors themselves or by third-party researchers, followed by vigilant attackers exploiting them. To cover their tracks and increase their attack success rate, hackers often obfuscate attacks using different techniques ... Read More
New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks

New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks

It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code execution (RCE) attacks ... Read More