• Title/Summary/Keyword: Web Application Firewall

Search Result 27, Processing Time 0.026 seconds

Classification of HTTP Automated Software Communication Behavior Using a NoSQL Database

  • Tran, Manh Cong;Nakamura, Yasuhiro
    • IEIE Transactions on Smart Processing and Computing
    • /
    • v.5 no.2
    • /
    • pp.94-99
    • /
    • 2016
  • Application layer attacks have for years posed an ever-serious threat to network security, since they always come after a technically legitimate connection has been established. In recent years, cyber criminals have turned to fully exploiting the web as a medium of communication to launch a variety of forbidden or illicit activities by spreading malicious automated software (auto-ware) such as adware, spyware, or bots. When this malicious auto-ware infects a network, it will act like a robot, mimic normal behavior of web access, and bypass the network firewall or intrusion detection system. Besides that, in a private and large network, with huge Hypertext Transfer Protocol (HTTP) traffic generated each day, communication behavior identification and classification of auto-ware is a challenge. In this paper, based on a previous study, analysis of auto-ware communication behavior, and with the addition of new features, a method for classification of HTTP auto-ware communication is proposed. For that, a Not Only Structured Query Language (NoSQL) database is applied to handle large volumes of unstructured HTTP requests captured every day. The method is tested with real HTTP traffic data collected through a proxy server of a private network, providing good results in the classification and detection of suspicious auto-ware web access.

ECA Rule-Based Timely Collaboration of Web-Based Distributed Business Systems (웹기반 분산 기업 시스템을 위한 ECA 규칙 기반 적기 협력방법)

  • Lee, Dong-Woo;Lee, Seong-Hoon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.4 s.36
    • /
    • pp.345-354
    • /
    • 2005
  • In this paper collaboration of web-based distributed business systems is analyzed and the need of timely collaboration is derived and described in terms of inter-organizational contracts. A method of event-condition-action (ECA) rule based timely collaboration to meet the need and an active functionality component (AFC) to provide the method are proposed. The proposed method supports high level rule programming and event-based immediate processing so that system administrators and programmers can easily maintain the timely collaboration independently to the application logic. The proposed AFC uses HTTP protocol to be applied through firewalls. It is implemented using basic trigger facilities of a commercial DBMS for practical purpose.

  • PDF

Using OpenWRT-based Router to Build a Multi-function Web Server (OpenWRT기반의 유무선 공유기를 활용한 다기능 웹 서버 구축)

  • Ban, Tae-Hak;Ha, Seung-Eup;Min, Jun-Ki;Jung, Hoe-Kyung
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.18 no.4
    • /
    • pp.833-838
    • /
    • 2014
  • Recently the use router is to allow multiple computers by one IP can be connect to the Internet. Also, the PC or server in order to use a Web server or a print server, Web Hard, P2P should be settings. In this paper, we are building a multi-functional Web server that using a router supported OpenWRT based on network settings and firewall settings and a variety of services. A web server can be provided the Internet phone and secure multimedia service Web server router based OpenWRT may be provided through a mobile app and the PC application service.

Implementation of Hybrid Firewall System for Network Security (전산망 보호를 위한 혼합형 방화벽 시스템 구현)

  • Lee, Yong-Joon;Kim, Bong-Han;Park, Cheon-Yong;Oh, Chang-Suk;Lee, Jae-Gwang
    • The Transactions of the Korea Information Processing Society
    • /
    • v.5 no.6
    • /
    • pp.1593-1602
    • /
    • 1998
  • In this paper, a hybrid firewall system using the screening router, dual-homed gateway, screened host galeway and the application level gateway is proposed, The screened host gateway is comjXlsed of screening router, DMZ and bastion host. All external input traffics are filtered by screening router with network protrcol filtering, and transmitted to the bastion host performing application level filtering, The dual homed gateway is an internlediate equipment prohibiting direct access from external users, The application level gateway is an equipment enabling transmission using only the proxy server. External users can access only through the public servers in the DMZ, but internal users can aeee through any servers, The rule base which allows Telnet only lo the adrnilllslratol is applied to manage hosts in the DMZ According to the equipmental results, denial of access was in orderof Web. Mail FTP, and Telnet. Access to another servers except for server in DMZ were denied, Prolocol c1mials of UDP was more than that of TCP, because the many hosts broadcasted to networds using BOOTP and NETBIOS, Also, the illegal Telnet and FTP that transfer to inside network were very few.

  • PDF

Integration of RPD Modules Using SOAP (SOAP을 이용한 쾌속제품개발모듈의 통합)

  • 김호찬;최홍태;김준안;이석희
    • Proceedings of the Korean Society of Precision Engineering Conference
    • /
    • 2003.06a
    • /
    • pp.38-41
    • /
    • 2003
  • Better understanding and sharing information are getting important to manage interdisciplinary product development team in a globally-distributed company. This study propose a solution to implement RPD(Rapid Product Development) system, focusing on rapid production process, for better understanding between development team members in different place and easy sharing of product information. The system developed by this research shows that SOAP(Simple Object Access Protocol) operates in distributed environment more efficiently than other RPC(Remote Procedure Call) techniques and it does not respond sensitively to firewall. And SOAP is an excellent RPC and messaging technique to exchange structured data. Procedures developed with use of SOAP are worked together with web, and users can use remote services as an application program in their computer.

  • PDF

Implementation of a Static Analyzer for Detecting the PHP File Inclusion Vulnerabilities (PHP 파일 삽입 취약성 검사를 위한 정적 분석기의 구현)

  • Ahn, Joon-Seon;Lim, Seong-Chae
    • The KIPS Transactions:PartA
    • /
    • v.18A no.5
    • /
    • pp.193-204
    • /
    • 2011
  • Since web applications are accessed by anonymous users via web, more security risks are imposed on those applications. In particular, because security vulnerabilities caused by insecure source codes cannot be properly handled by the system-level security system such as the intrusion detection system, it is necessary to eliminate such problems in advance. In this paper, to enhance the security of web applications, we develop a static analyzer for detecting the well-known security vulnerability of PHP file inclusion vulnerability. Using a semantic based static analysis, our vulnerability analyzer guarantees the soundness of the vulnerability detection and imposes no runtime overhead, differently from the other approaches such as the penetration test method and the application firewall method. For this end, our analyzer adopts abstract interpretation framework and uses an abstract analysis domain designed for the detection of the target vulnerability in PHP programs. Thus, our analyzer can efficiently analyze complicated data-flow relations in PHP programs caused by extensive usage of string data. The analysis results can be browsed using a JAVA GUI tool and the memory states and variable values at vulnerable program points can also be checked. To show the correctness and practicability of our analyzer, we analyzed the source codes of open PHP applications using the analyzer. Our experimental results show that our analyzer has practical performance in analysis capability and execution time.

Pattern-based Signature Generation for Identification of HTTP Applications (HTTP 응용들의 식별을 위한 패턴 기반의 시그니쳐 생성)

  • Jin, Chang-Gyu;Choi, Mi-Jung
    • Journal of Information Technology and Architecture
    • /
    • v.10 no.1
    • /
    • pp.101-111
    • /
    • 2013
  • Internet traffic volume has been increasing rapidly due to popularization of various smart devices and Internet development. In particular, HTTP-based traffic volume of smart devices is increasing rapidly in addition to desktop traffic volume. The increased mobile traffic can cause serious problems such as network overload, web security, and QoS. In order to solve these problems of the Internet overload and security, it is necessary to accurately detect applications. Traditionally, well-known port based method is utilized in traffic classification. However, this method shows low accuracy since P2P applications exploit a TCP/80 port, which is used for the HTTP protocol; to avoid firewall or IDS. Signature-based method is proposed to solve the lower accuracy problem. This method shows higher analysis rate but it has overhead of signature generation. Also, previous signature-based study only analyzes applications in HTTP protocol-level not application-level. That is, it is difficult to identify application name. Therefore, previous study only performs protocol-level analysis. In this paper, we propose a signature generation method to classify HTTP-based traffics in application-level using the characteristics of typical semi HTTP header. By applying our proposed method to campus network traffic, we validate feasibility of our method.