Information on the doctoral thesis of Fellow Nguyen Hanh Phuc

1. Full name: Nguyen Hanh Phuc

2. Sex: Male

3. Date of birth: 24th May 1978

4. Place of birth: Hai Phong City

5. Admission decision number: 1006/QĐ-CTSV, dated 07th December 2015, by the Principal of VNU University of Engineering and Technology, Vietnam National University, Ha Noi.

6. Changes in academic process:

- Change the topic of the PhD thesis according to Decision No. 492, dated June 4, 2018, by the Principal of VNU University of Engineering and Technology, Vietnam National University, Ha Noi.

- Extend the study for another two academic years (2018 - 2019, 2019 - 2020) according to the Decision No. 1260/QĐ-ĐT by the Principal of VNU - University of Engineering and Technology, dated December 13, 2018.

- Return to the local area according to Decision No. 102/QD-DT dated February 4, 2021, by the Principal of VNU - University of Engineering and Technology, dated December 13, 2018.

- Extend the PhD dissertation defense period according to the official letter No. 06/ĐHQGHN-ĐT dated January 3, 2023 by the director of Vietnam National University, Hanoi.

7. Official thesis title: Some methods to ensure security and constrain execution time for Web applications

8. Major: Software Engineering

9. Code: 9480103.01

10. Supervisors: Assoc. Prof. Dr. Truong Ninh Thuan

11. Summary of the new findings of the thesis:

The main contributions of the thesis include:

Firstly, the thesis proposes a method for analyzing the access logs of a web system to detect abnormal user behaviors, helping to identify signs of denial-of-service (DoS, DDoS) attacks in real time. Denial-of-service attacks are one of the most common types of attacks on networks; they involve sending thousands or millions of unnecessary requests, which overloads the machine and system resources and causes severe consequences for the system. The method focuses on detecting unusual signs in user behavior to aid the early detection of DDoS attacks. Specifically, it detects and raises alerts on IP addresses with a high volume of access to the system within real-time processing frames. Additionally, the method has been implemented in the Shopbase web system using Apache Spark and Kubernetes, showing positive effectiveness in practice.

Secondly, the thesis proposes a method for testing the detection of XSS (Cross-Site Scripting) attacks on web applications. It introduces an automated testing framework for web applications, written in Java and integrated with Selenium and TestNG, that provides features for automated testing. Moreover, it proposes a method that uses Q-learning to automatically generate test paths for penetration testing of web applications. The test paths are generated quickly by improving the reward matrix so that the next state is tracked rapidly, which saves time in creating test paths. Additionally, two tools were developed: one to generate test paths that may contain XSS attacks on web applications, and one to perform automated testing according to the proposed framework.

Finally, the thesis proposes a method to verify the execution process of events in Event-Driven Architecture (EDA). The method is an approach to verifying the occurrence of events in an Event-Driven Architecture executing in real time. Its algorithms verify the relationships between events and ensure that they meet their specifications. The research applied this method to a real EDA application and demonstrated its effectiveness. The results show that the method can detect violations of event time and improve the reliability and predictability of real-time EDA systems. This is an advanced and effective method for addressing challenging issues in verifying real-time EDA systems.

12. Practical applicability: Detecting DoS, DDoS, XSS attacks and verifying the occurrence of events during execution time.

13. Further research directions: Applying the methods to real-world environments, integrating with other security solutions. Future research may focus on developing solutions for issues such as enhancing system availability, reducing the number of false alarms, and improving system adaptability.

14. Thesis-related publications:

Research projects directly related to the thesis:

1. Hanh-Phuc Nguyen, Hong-Anh Le, and Ninh-Thuan Truong, jFAT: An automation framework for web application testing, ICCASA 2018/ICTCC 2018, LNICST 266, pp. 48-57, (2018).

2. Hanh-Phuc Nguyen, Thanh-Nhan Luong and Ninh-Thuan Truong, Generating Test Paths to Detect XSS Vulnerabilities of Web Applications, 2022 9th NAFOSTED Conference on Information and Computer Science (NICS), IEEE, pp. 287-293, (2022).

3. Hanh-Phuc Nguyen, Thanh-Nhan Luong, Thi-Huong Dao, and Ninh-Thuan Truong, An approach to prevent DDoS attack using real-time access logs analysis, ACIIDS 2023 - 15th Asian Conference on Intelligent Information and Database Systems 24-26 July 2023 Phuket, Thailand Proceedings, pp. 92-105, (2023).

4. Thanh-Binh Trinh, Hanh-Phuc Nguyen, Dinh-Hai Nguyen, Van-Khanh To, and Ninh-Thuan Truong, Checking Temporal Constraints of Events in EBS at Runtime (submitted to the journal Cybernetics and Information Technologies (CIT BAS, ISI index); the results of the first round of reviews have been received, and revisions are needed for the second round of reviews).

In addition to the above works, the author also participated in a number of other research projects as follows:

1. Thanh-Nhan Luong, Hanh-Phuc Nguyen and Ninh-Thuan Truong, VeRA: Verifying RBAC and authorization constraints models of web applications, International Journal of Software Engineering and Knowledge Engineering, IJSEKE, Vol. 31, No. 05, pp. 655-675 (2021), ISI index.

 

 