Abstract
Advances in web frameworks' input validation have shifted attacks towards exploiting applications' business logic. The absence of an accurate representation of business rules has expanded the logical vulnerability surface. We propose an accurate and efficient approach for discovering the business logic of real-world web applications by utilizing their dynamic behavior. Our solution discovered conditional business rules defined over one-to-one and one-to-many implicit dependency relations. Moreover, it minimized the negative effect of substitute relations. Our results indicate high precision in recovering positive long-distance dependency relations from the observed behavior.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alkofahi, H., Umphress, D., Alawneh, H. (2022). Discovering Conditional Business Rules in Web Applications Using Process Mining. In: Pardede, E., Delir Haghighi, P., Khalil, I., Kotsis, G. (eds) Information Integration and Web Intelligence. iiWAS 2022. Lecture Notes in Computer Science, vol 13635. Springer, Cham. https://doi.org/10.1007/978-3-031-21047-1_7
DOI: https://doi.org/10.1007/978-3-031-21047-1_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21046-4
Online ISBN: 978-3-031-21047-1
eBook Packages: Computer Science, Computer Science (R0)