Acknowledgement
Supported by: Kangwon National University, Korea Internet & Security Agency (KISA)