Web Client Research Articles

A Dynamic & Combined Framework for Predicting Phishing Attack

With the fast improvement of web applications, and with the solace gave by these web applications, web clients’ use this advantages, as it were, that they make practically the entirety of their everyday exercises, for example, newspaper reading, shopping, bill payment, ticket booking and entertainment with the assistance of the web. This wonder powers the clients of the web to get associated with the web for a drawn-out time and consequently it builds the odds of the clients to get trapped in the snare of phishing – an assault made by programmers to take delicate data by enticing the clients with rewarding offers at first and afterward diverting them to a fake website(which the client may not presume) where they can mislead the client by requesting that they present their credentials(usually clients present their credentials without realizing that these are phony offers made with a sole aim of taking delicate data ). Notwithstanding the caution and mindfulness given by the web community right now, and more phishing craftsman prevail in their attack. Likewise, these phishing craftsmen create novel attacks, for example, tab grabbing, site mirroring and so forth that draws in increasingly more web clients to be trapped in the snare of phishing. Anyway, numerous tools and methodologies have been created to forestall phishing and to caution clients orally and outwardly. Still, the achievement paces of the phishing attack stay high and furthermore the methodologies identified with phishing detection endures high false negative and false positive proportion. In this proposed system numerous mechanisms used to prevent phishing have been analyzed and a proficient system has been proposed to forestall phishing.

Web-based streamed waveform display using MDSplus events and Node.js

Abstract Streamed data visualization is a requirement for long lasting discharges, such as in ITER and W7X, and more in general for long lasting related experiments, such as the ITER neutral beam test facility. A prerequisite for live visualization is the ability of the underlying data system to support streaming in data acquisition. On-line visualization is routinely performed during long lasting experiments, but implementing streamed data visualization, such as strip charts, would overload the data system, especially if a large number of charts are being displayed. A different approach for streamed data visualization is proposed here, using MDSplus events, rather than directly accessing stored data. Events are implemented as UDP multicast packets and can bring data. A data acquisition program can therefore, in addition to using MDSplus for streaming data segments, generate MDSplus events bringing the most recent chunk of samples. Data carried by events are made available to Web applications by means of a Node.js server, listening for the UDP packets and updating the connected Web clients using HTML5 Server-Sent Events.

Analysis of DASH performance over time-varying end-to-end links

Video streaming today shows a widespread success, representing already the greatest portion of the Internet's IP traffic. The most common approach in today's networks is to adopt HTTP-based solutions, such as the Dynamic Adaptive Streaming over HTTP (DASH) protocol. This choice allows using general purpose web clients (web browsers) to access video streaming, while implementing a client-side dynamic rate adaptation of the streaming service. In fact, such HTTP-based approach must cope with intrinsic dynamism of the client's access network, which is a function of concurrent traffic from either the same user or other users sharing the same network resources. In addition, the network virtualization era fosters dynamic management of virtual resources that can lead to even further network variability, with significant changes of the end-to-end link characteristics in terms of bottleneck bandwidth and physical delay. Last but not least, the fruitful utilization of the satellite component in the future 5G networks implies to experience physical delay changes over a larger value range. Therefore, DASH flows will run on communication scenarios with higher and higher variability: this means that the client-side dynamic adaptation feature of DASH becomes a critical component of the whole service. This paper aims to investigate performance of two main DASH Adaptive Bit Rate (ABR) algorithm categories, throughput-based and buffer-based, over a simulated time-varying end-to-end link modeling the joint effects of continuous traffic and link changes. The goal is to provide statistical overview on the DASH ABR adaptation on challenging scenarios in order to draw some baseline recommendations for possible enhancements or modifications. The overall performance analysis is based on a customized script running in the Network Simulator 3 (NS-3).

The development of a cloud system for investigation of UAVs aerodynamic characteristics

The paper presents the results of the development of a cloud system for multi-parameter aerodynamic calculations of unmanned aerial vehicles (UAVs). The developed cloud system consists of the following functional parts: web client – provides an access to the computing cloud, allows interactively preparing a task, sending prepared data to a computing cluster, getting and visualizing calculation results; and computing cloud – provides communication with the web client using an open API and manages the computing process. The computing process of the cloud is based on using open technologies of the OpenFOAM software adapted for solving aerodynamics problems. The authors carried out parametric studies of the external flow of UAV at free-stream velocities of 20, 25, 30 m/s with angles of attack from –4 to 12 degrees. It was found that the smallest drag force is observed for 0-3 degrees of the angle of attack of the flying wing, and the best lift to drag ratio is detected for 5 degrees attack angle. For 5 degrees attack angle the lift force is 47 N for an air free-stream velocity 20 m/s, 74 N – 25 m/s, 106 N – 30 m/s.

A novel hybrid approach of SVM combined with NLP and probabilistic neural network for email phishing

Phishing attacks are one of the slanting cyber-attacks that apply socially engineered messages that are imparted to individuals from expert hackers going for tricking clients to uncover their delicate data, the most mainstream correspondence channel to those messages is through clients' emails. Phishing has turned into a generous danger for web clients and a noteworthy reason for money related misfortunes. Therefore, different arrangements have been created to handle this issue. Deceitful emails, also called phishing emails, utilize a scope of impact strategies to convince people to react, for example, promising a fiscal reward or summoning a feeling of criticalness. Regardless of far reaching alerts and intends to instruct clients to distinguish phishing sends, these are as yet a pervasive practice and a worthwhile business. The creators accept that influence, as a style of human correspondence intended to impact others, has a focal job in fruitful advanced tricks. Cyber criminals have ceaselessly propelling their techniques for assault. The current strategies to recognize the presence of such malevolent projects and to keep them from executing are static, dynamic and hybrid analysis. In this work we are proposing a hybrid methodology for phishing detection incorporating feature extraction and classification of the mails using SVM. At last, alongside the chose features, the PNN characterizes the spam mails from the genuine mails with more exactness and accuracy.

Web-based dissemination of continuously generalized space-scale cube data for smooth user interaction

ABSTRACTThe Space-Scale Cube (SSC) model stores the result of a generalization process, that supports smooth scale transitions for map objects. The third dimension is used to describe geometrically the smooth transitions between objects at different levels of detail. Often-used map generalization operators fit in this SSC model. The 3D SSC model to derive 2D maps can be used in a mobile web client, where these days powerful graphics hardware is available. This article shows the steps needed for producing and disseminating SSC data with smooth transitions over the web. Firstly, we explain how SSC data can be obtained and subsequently be rendered by making effective use of the GPU. Secondly, we show how we organize data in chunks and how this ‘chunked’ data can be used for efficient communication between client and server. In the third place, we describe which operations can be used on the client side for deriving maps. Fourthly, the SSC also allows for (a) mixed abstraction slicing surfaces useful for highlighting specific regions by showing more detail and (b) near-intersection blending, which helps to prevent abrupt transitions while the slicing surface is in motion. Finally, we show how animated pan and zoom functionalities may be realized. A set of prototypes allows us to disseminate the data with smooth transitions on the web and in practice judge the effect of continuous generalization and animating the map image.

SpiderTrap—An Innovative Approach to Analyze Activity of Internet Bots on a Website

The main idea behind creating SpiderTrap was to build a website that can track how Internet bots crawl it. To track bots, honeypot dynamically generates different types of the hyperlinks on the web pages leading from one article to another and logs information passed by web clients in HTTP requests when visiting these links. By analyzing the sequences of visited links and passed HTTP requests it is possible to: detect bots, reveal bots' crawling or scanning algorithms, and other characteristic features of the traffic they generate. In our research we focused on identifying and describing whole bots' operations rather than just classifying single HTTP requests. This novel approach has given us insight into what different types of Internet bots are looking for and how they work. This information can be used to optimize the websites for search engines' bots for a better place on a search's results page or prepare a set of rules for tools that filter traffic to the web pages to minimize the impact of bad and unwanted bots on the websites' availability and security. We present the results of the five months of SpiderTrap's activity when honeypot was accessible by two domains (.pl and.eu), as well as by an IP address. The results show examples of activity of well-known Internet bots, such as Googlebot or Bingbot, unknown crawlers, and scanners trying to exploit vulnerabilities in the most popular web frameworks or looking for active webshells (i.e. access points to control a web server left by other attackers).

A large-scale analysis of HTTPS deployments: Challenges, solutions, and recommendations

HTTPS refers to an application-specific implementation that runs HyperText Transfer Protocol (HTTP) on top of Secure Socket Layer (SSL) or Transport Layer Security (TLS). HTTPS is used to provide encrypted communication and secure identification of web servers and clients, for different purposes such as online banking and e-commerce. However, many HTTPS vulnerabilities have been disclosed in recent years. Although many studies have pointed out that these vulnerabilities can lead to serious consequences, domain administrators seem to ignore them. In this study, we evaluate the HTTPS security level of Alexa’s top 1 million domains from two perspectives. First, we explore which popular sites are still affected by those well-known security issues. Our results show that less than 0.1% of HTTPS-enabled servers in the measured domains are still vulnerable to known attacks including Rivest Cipher 4 (RC4), Compression Ratio Info-Leak Mass Exploitation (CRIME), Padding Oracle On Downgraded Legacy Encryption (POODLE), Factoring RSA Export Keys (FREAK), Logjam, and Decrypting Rivest–Shamir–Adleman (RSA) using Obsolete and Weakened eNcryption (DROWN). Second, we assess the security level of the digital certificates used by each measured HTTPS domain. Our results highlight that less than 0.52% domains use the expired certificate, 0.42% HTTPS certificates contain different hostnames, and 2.59% HTTPS domains use a self-signed certificate. The domains we investigate in our study cover 5 regions (including ARIN, RIPE NCC, APNIC, LACNIC, and AFRINIC) and 61 different categories such as online shopping websites, banking websites, educational websites, and government websites. Although our results show that the problem still exists, we find that changes have been taking place when HTTPS vulnerabilities were discovered. Through this three-year study, we found that more attention has been paid to the use and configuration of HTTPS. For example, more and more domains begin to enable the HTTPS protocol to ensure a secure communication channel between users and websites. From the first measurement, we observed that many domains are still using TLS 1.0 and 1.1, SSL 2.0, and SSL 3.0 protocols to support user clients that use outdated systems. As the previous studies revealed security risks of using these protocols, in the subsequent studies, we found that the majority of domains updated their TLS protocol on time. Our 2020 results suggest that most HTTPS domains use the TLS 1.2 protocol and show that some HTTPS domains are still vulnerable to the existing known attacks. As academics and industry professionals continue to disclose attacks against HTTPS and recommend the secure configuration of HTTPS, we found that the number of vulnerable domain is gradually decreasing every year.

WebSocket in real time application

There has been an increase in request for real time data feeds, teleconferencing and group communication which entails full duplex connection amongst client and server. Real time web application involves clients which is also known as a browser getting updates from the server as they happen. with regards to the limit observed in old-style real-time communication which include long polling, polling server-sent events and comets, this paper recommends using upcoming Web Socket technology when dealing with real time. The Web Socket offers improved result as compared to the conventional approaches that are considered to be the good solution of providing real time information and lessens overhead acquired while communicating over the internet and offers stateful, efficient communication among Web Servers and Clients. Keywords: WebSocket, Http Polling, Http Streaming, Server-Sent Events, Comet

Standalone IoT Bioimpedance Device Supporting Real-Time Online Data Access

The use of electrical bioimpedance methods in medical and personalized healthcare applications requires sophisticated hardware and measurement settings. Here, we describe Zink , a standalone bioimpedance analyzer with Internet of Things (IoT) monitoring features. Zink can be connected to a secure wireless or local area network and accessed using any device with a Web browser and Internet access. Through a user-friendly Web-based access able to handle multiple simultaneous connections, the user(s) can perform single or multiple bioimpedance measurement(s) remotely. Zink supports the measurement of bioimpedance in both time and frequency domains using stepped-sine and multisine excitation signals. Embedded signal processing calculates bioimpedance from voltage and current signals using a coherent demodulation and the fast Fourier transform. Zink can also measure bioimpedance synchronized with either electrocardiogram (ECG) or electromyogram signals. The data is displayed on the user’s Web client from where it can be downloaded for further analysis. Zink full bandwidth is 100 mHz to 10 MHz and the average signal-to-noise ratio tested from 1 kHz to 1 MHz is 56 dB. The extended calibration method proposed here reduces the average magnitude error with respect to the existing three-parameter calibration approach by $0.6~\Omega $ (0.3%) measuring phantoms. Thoracic bioimpedance and ECG measurements on volunteers demonstrate the feasibility of detecting respiration changes while showing the results in real time on the user device’s Web browser. The performance, portability, and integration of Zink makes it a suitable standalone platform for medical and personalized health IoT monitoring applications.

Financial stock application using websocket in real time application

<p>Real time web application involves clients which is also known as a browser getting updates from the server as they happen. The finance world is moving fast, and human brains cannot sustain processing data at that speed, so algorithms are used with regards to the limit observed in old-style real-time communication which include long polling, polling server-sent events and comets, this paper uses WebSocket technology when dealing with real time applications. The Web Socket offers improved result as compared to the conventional approaches that are considered to be good solution of providing real time information and lessens overhead acquired while communicating over the internet and offers stateful, efficient communication among web servers and clients. When there is need to track companies worth/stock using a dashboard immediately and not some seconds ago, WebSocket can be used to stream data without delays.</p>

CyBy2: a strongly typed, purely functional framework for chemical data management

We present the development of CyBy2, a versatile framework for chemical data management written in purely functional style in Scala, a modern multi-paradigm programming language. Together with the core libraries we provide a fully functional example implementation of a HTTP server together with a single page web client with powerful querying and visualization capabilities, providing essential functionality for people working in the field of organic and medicinal chemistry. The main focus of CyBy2 are the diverse needs of different research groups in the field and therefore the flexibility required from the underlying data model. Techniques for writing type level specifications giving strong guarantees about the correctness of the implementation are described, together with the resulting gain in confidence during refactoring. Finally we talk about the advantages of using a single code base from which the server, the client and the software’s documentation pages are being generated. We conclude with a comparison with existing open source solutions. All code described in this article is published under version 3 of the GNU General Public License and available from GitHub including an example implementation of both backend and frontend together with documentation how to download and compile the software (available at https://github.com/stefan-hoeck/cyby2).

Root for a Phishing Page using Machine Learning

Phishing alludes of the mimicking of the first website. To infiltrate this sort of con,the correspondence claims will a chance to be starting with an official illustrative of a website alternately another institutional Furthermore starting with the place an individual need a probable benefits of the business with. (eg. PayPal,Amazon,UPS,Bank for america etc). It focuses those vunariblities Toward method for pop ups ,ads,fake login pages and so on. Web clients are pulled in Eventually Tom's perusing method for leveraging their trust on acquire their delicate data for example, such that usernames,passwords,account numbers or other data with open record on acquire loans or purchase all the merchandise through e-commerce locales. Upto 5% for clients appear on make lured under these attacks,so it might remain calm gainful for scammers-many about whom who send a large number for trick e-mails An day. In this system,we offer an answer with this issue Toward settling on those client mindful of such phishing exercises Eventually Tom's perusing identifying the trick joins Furthermore urls Toward utilizing the blending of the The majority powerful calculations for machine learning, Concerning illustration An result, we infer our paper with correctness from claiming 98.8% What's more mix from claiming 26 offers. The best algorithm being ,the logistic regression model.

MISS-D: A fast and scalable framework of medical image storage service based on distributed file system

Background and Objective Processing of medical imaging big data is deeply challenging due to the size of data, computational complexity, security storage and inherent privacy issues. Traditional picture archiving and communication system, which is an imaging technology used in the healthcare industry, generally uses centralized high performance disk storage arrays in the practical solutions. The existing storage solutions are not suitable for the diverse range of medical imaging big data that needs to be stored reliably and accessed in a timely manner. The economical solution is emerging as the cloud computing which provides scalability, elasticity, performance and better managing cost. Cloud based storage architecture for medical imaging big data has attracted more and more attention in industry and academia.Methods This study presents a novel, fast and scalable framework of medical image storage service based on distributed file system. Two innovations of the framework are introduced in this paper. An integrated medical imaging content indexing file model for large-scale image sequence is designed to adapt to the high performance storage efficiency on distributed file system. A virtual file pooling technology is proposed, which uses the memory-mapped file method to achieve an efficient data reading process and provides the data swapping strategy in the pool.Result The experiments show that the framework not only has comparable performance of reading and writing files which meets requirements in real-time application domain, but also bings greater convenience for clinical system developers by multiple client accessing types. The framework supports different user client types through the unified micro-service interfaces which basically meet the needs of clinical system development especially for online applications. The experimental results demonstrate the framework can meet the needs of real-time data access as well as traditional picture archiving and communication system.Conclusions This framework aims to allow rapid data accessing for massive medical images, which can be demonstrated by the online web client for MISS-D framework implemented in this paper for real-time data interaction. The framework also provides a substantial subset of features to existing open-source and commercial alternatives, which has a wide range of potential applications.

Internet of Things: Design and Manufacture of Home Automation System with Web Server Based Arduino and Android

Home automation is an automated system created specifically to facilitate the work of humans, especially at home. Home Automation connects electronic devices to each other in a home that is integrated using the internet network and allows it to be controlled via android smartphone and web client (server). On android smartphone installed applications that have been connected with Arduino microcontroller and Ethernet shield. In this research for controlling or retrieving data via Ethernet network the easiest is Arduino serve as server and we can request and arrange data through web client or android application then data will be sent using protocol User Datagram Protocol (UDP). So to control the electronic devices can be done from a considerable distance as long as connected to the internet.

QTLbase: an integrative resource for quantitative trait loci across multiple human molecular phenotypes.

Recent advances in genome sequencing and functional genomic profiling have promoted many large-scale quantitative trait locus (QTL) studies, which connect genotypes with tissue/cell type-specific cellular functions from transcriptional to post-translational level. However, no comprehensive resource can perform QTL lookup across multiple molecular phenotypes and investigate the potential cascade effect of functional variants. We developed a versatile resource, named QTLbase, for interpreting the possible molecular functions of genetic variants, as well as their tissue/cell-type specificity. Overall, QTLbase has five key functions: (i) curating and compiling genome-wide QTL summary statistics for 13 human molecular traits from 233 independent studies; (ii) mapping QTL-relevant tissue/cell types to 78 unified terms according to a standard anatomogram; (iii) normalizing variant and trait information uniformly, yielding >170 million significant QTLs; (iv) providing a rich web client that enables phenome- and tissue-wise visualization; and (v) integrating the most comprehensive genomic features and functional predictions to annotate the potential QTL mechanisms. QTLbase provides a one-stop shop for QTL retrieval and comparison across multiple tissues and multiple layers of molecular complexity, and will greatly help researchers interrogate the biological mechanism of causal variants and guide the direction of functional validation. QTLbase is freely available at http://mulinlab.org/qtlbase.

Accessing standardized acoustic metadata: A web-based graphical interface for an acoustic metadata server

The Tethys acoustic metadata workbench consists of a set of vocabulary terms designed to provide a standard method to represent detections, classifications, and localizations of biological, ambient, and anthropogenic signals in acoustic data; and a database that permits users to archive and manipulate these data as well as access contextual data such as ephemeris, sea surface temperature, etc. We present a new graphical web client for Tethys that adds a robust set of tools for extensive data exploration in a visualization environment that includes maps and data conversion utilities along with the ability to save queries to provide repeatable results. The web interface provides the ability to query and visualize acoustic data from a web browser with little prior experience. A graphical interface permits the generation of queries without knowledge of the underlying XQuery database language. The standard mode is designed for users with limited knowledge of the Tethys schemata to obtain basic information, see results on a map, and save data in a variety of formats such as Matlab, CSV, and R. Advanced users can switch to a more comprehensive interface that lets them construct and share more sophisticated queries for general use.The Tethys acoustic metadata workbench consists of a set of vocabulary terms designed to provide a standard method to represent detections, classifications, and localizations of biological, ambient, and anthropogenic signals in acoustic data; and a database that permits users to archive and manipulate these data as well as access contextual data such as ephemeris, sea surface temperature, etc. We present a new graphical web client for Tethys that adds a robust set of tools for extensive data exploration in a visualization environment that includes maps and data conversion utilities along with the ability to save queries to provide repeatable results. The web interface provides the ability to query and visualize acoustic data from a web browser with little prior experience. A graphical interface permits the generation of queries without knowledge of the underlying XQuery database language. The standard mode is designed for users with limited knowledge of the Tethys schemata to obtain basic information, see...

Geospatial Semantic Query Engine for Urban Spatial Data Infrastructure

The research aims at design and develop a special semantic query engine “CityGML Spatial Semantic Web Client (CSSWC)” that facilitates ontology-based multicriteria queries on CityGML data in OGC standard. Presently, there is no spatial method, spatial information infrastructure or any tool to establish the spatial semantic relationship between the 3D city objects in CityGML model. The present work establishes the spatial and semantic relationships between the 3DCityObjects and facilitates ontology-driven spatial semantic query engine on 3D city objects, class with multiple attributes, spatial semantic relations like crosses, nearby, etc., with all other city objects. This is a novel and original work practically implemented generic product for any 3D CityGML model on the globe. A user-friendly form-based interface is designed to compose effective ontology based GeoSPARQL query. CSSWC enhances CityGML applications performance through effective and efficient querying system.

Design of Beidou Satellite System in Ocean Logistics Real-Time Tracking System

Hao, Q.; Wang, Z.-F. and Qin, L.-L., 2019. Design of Beidou satellite system in ocean logistics real-time tracking system. In: Gong, D.; Zhu, H., and Liu, R. (eds.), Selected Topics in Coastal Research: Engineering, Industry, Economy, and Sustainable Development. Journal of Coastal Research, Special Issue No. 94, pp. 204–207. Coconut Creek (Florida), ISSN 0749-0208.In order to ensure the quality and safety of pelagic fish catches in the process of transportation, administrator needs to carry out real-time monitoring and management to the transport and quality status during this period and establish a complete management system. This paper puts forward that the real-time online monitoring of transport location, catches temperature, humidity, PH value and other physical property data can be used during the application process of Beidou System and RFID temperature tags in the cold chain logistics of ocean catches. The system consists of 3 parts, i.e. vehicle or vessel tracking, parameter monitoring and data management and analysis. The system applies the technologies such as Beidou, ZigBee and Internet as well as the Java-programming client web page structure and the traditional SSH2 as its code framework. Hence, it realizes the real-time monitoring of whole catches transportation logistics process and makes administrator timely know about the status of catches so as to ensure the product quality. This system can guarantee the quality, safety and transport efficiency of pelagic fish products and provides a support for the building of cold chain logistics system.

Enhanced Detection Algorithms to Detect HTTP DDoS

A web application utilizes Hypertext Transfer Protocol (HTTP) to surf client requests. This protocol is used widely, especially in business areas such as in online transactions and websites, including in government websites. A client delivers information to a server carried by a client web browser. An HTTP distributed denial of service (DDoS) attack occurs when the attacker is able to mimic client information, which makes a DDoS attack at the application layer difficult to distinguish as the traffic pattern is similar to a genuine request. Furthermore, it is not compulsory for the client to present the GET headers component to a web server during the GET request transaction. Existing detection of HTTP DDoS attacks still faces challenges in differentiating between authentic and bogus GET requests in real time. In this paper, a fast algorithm (FARGO) method to detect HTTP DDoS attacks is introduced. FARGO consists of three detection algorithms to recognize HTTP DDoS categories as request flooding attacks. The assessment of the proposed detection system was conducted in real experimental conditions with real attack scripts. The proposed detection method provided expected outcomes with improvements of 11.30% for true positive rates and 8.9% for false-positive rates.