Authors: Asrul H. Yaacob, Nazrul M. Ahmad, Nurul N. Ahmad, Mardeni Roslee

Abstract:

The proliferation of web application and the pervasiveness of mobile technology make web-based attacks even more attractive and even easier to launch. Web Application Firewall (WAF) is an intermediate tool between web server and users that provides comprehensive protection for web application. WAF is a negative security model where the detection and prevention mechanisms are based on predefined or user-defined attack signatures and patterns. However, WAF alone is not adequate to offer best defensive system against web vulnerabilities that are increasing in number and complexity daily. This paper presents a methodology to automatically design a positive security based model which identifies and allows only legitimate web queries. The paper shows a true positive rate of more than 90% can be achieved.

Keywords: Intrusion Detection System, Positive Security Model, Web application Firewall

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1084123

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2687

References:

[1] T. Scholte, D. Balzarotti, and E. Kirda, "Have things changed now? An empirical study on input validation vulnerabilities in web applications," Computers & Security, vol. 31, no. 3, pp. 344-356, May 2012.
[2] OWASP, "OWASP Top 10 Application Security Risks - 2010," OWASP The Open Web Application Security Project, Tech. Rep., 2010.
[3] WhiteHat Security, "WhiteHatWebsite Security Statistic Report -Winter 2011," WhiteHat Security, Tech. Rep., 2011.
[4] Symantec Corp., "Symantec Internet Security Threat Report," Symantec Inc., Tech. Rep., 2011.
[5] H. T. Nguyen, C. Torrano-Gimenez, G. Alvarez, S. Petrovi'c, and K. Franke, "Application of the Generic Feature Selection Measure in Detection of Web Attacks," in Computational Intelligence in Security for Information Systems, ser. Lecture Notes in Computer Science, vol. 6694. Springer, 2011, pp. 25-32.
[6] M. F. Abdollah, A. H. Yaacob, S. Shahib, I. Mohamad, and M. F. Iskandar, "Revealing the Influence of Feature Selection for Fast Attack Detection," International Journal of Computer Science and Network Security, vol. 8, no. 8, pp. 107-115, 2007.
[7] A. Moosa, "Artificial Neural Network based Web Application Firewall for SQL Injection," World Academy of Science, Engineering and Technology, no. 64, pp. 12-21, 2010.
[8] V. Alarcon-Aquino, C. A. Oropeza-Clavel, J. Rodriguez-Asomoza, O. Starostenko, and R. Rosas-Romero, Intrusion Detection and Classification of Attacks in High-Level Network Protocols Using Recurrent Neural Networks. Springer Netherlands, 2010, pp. 129-134.
[9] A. H. Yaacob, I. K. T. Tan, S. F. Chien, and H. K. Tan, "ARIMA Based Network Anomaly Detection," in 2010 Second International Conference on Communication Software and Networks, no. 1. Ieee, 2010, pp. 205- 209.
[10] A. Gulve, "Survey On Intrusion Detection System," International Journal Of, vol. 4, no. 1, pp. 7-13, 2011.
[11] A. Razzaq, A. Hur, M. Masood, K. Latif, H. F. Ahmad, and H. Takahashi, "Foundation of Semantic Rule Engine to Protect Web Application Attacks," in Autonomous Decentralized Systems (ISADS), 2011 10th International Symposium on. Ieee, 2011, pp. 95-102.
[12] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee, "RFC 2616, Hypertext Transfer Protocol - HTTP/1.1," 1999.
[13] F. S. Rietta and G. Way, "Application layer intrusion detection for SQL injection," in Proceedings of the 44th annual southeast regional conference on ACMSE 44. ACM Press, 2006, p. 531.
[14] S. Stankovic and D. Simic, "A Holistic Approach to Securing Web Applications," Journal of Computing, vol. 2, no. 1, pp. 16-20, Jan. 2010.
[15] R. Koch, "Towards Next-Generation Intrusion Detection," in Cyber Conflict (ICCC), 2011 3rd International, 2011, pp. 1-18.
[16] D. Bates, A. Barth, and C. Jackson, "Regular expressions considered harmful in client-side XSS filters," in Proceedings of the 19th international conference on World wide web - WWW -10. New York, New York, USA: ACM Press, Apr. 2010, p. 91.
[17] O. Maor and A. Shulman, "SQL Injection Signature Evasion Whitepaper," 2004.
[18] C. Torrano-Gimenez, A. Perez-Villegas, and G. Alvarez, "A Selflearning Anomaly-Based Web Application Firewall," in Computational Intelligence in Security for Information Systems, ser. Advances in Intelligent and Soft Computing, A. Herrero, P. Gastaldo, R. Zunino, and E. Corchado, Eds. Springer Berlin / Heidelberg, 2009, vol. 63, pp. 85-92.
[19] P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges," Computers & Security, vol. 28, no. 1-2, pp. 18-28, Feb. 2009.
[20] A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani, "Toward developing a systematic approach to generate benchmark datasets for intrusion detection," Computers & Security, vol. 31, no. 3, pp. 357-374, 2012.