Rana Faisal Munir, N. Ahmed, Hafiz Abdul Razzaq, Ali Hur, H. F. Ahmad
{"title":"Detect HTTP Specification Attacks Using Ontology","authors":"Rana Faisal Munir, N. Ahmed, Hafiz Abdul Razzaq, Ali Hur, H. F. Ahmad","doi":"10.1109/FIT.2011.21","DOIUrl":null,"url":null,"abstract":"Web applications after their revolutionary advent and popularity are target of variety of attacks. Magnitude and complexity of attacks is continuously growing with every minute development in World Wide Web. There are plenty of web attack detection techniques but they cannot fully comprehend the required degree of security for complex web applications. The reasons include static nature of attack detection mechanism, lack of expressiveness in attack detection rules, and absence of reasoning capability to detect unanticipated ways an attack can be launched. To cater these issues, a formal approach is required that has more expressiveness and equipped with reasoning. These traits are fully adhered to by the Semantic techniques. This paper introduces an approach for utilizing Semantic techniques in web application security. This has never been introduced previously to the best of our knowledge. Here the HTTP Protocol ontology is presented to mitigate the communication protocol attacks. In this paper we are focusing on communication protocol attacks including abnormal HTTP messages, HTTP request smuggling and HTTP response splitting. While dealing with these attacks, the proposed technique outperforms the existing solutions with higher detection rate and low false positives as indicated by evaluation results.","PeriodicalId":101923,"journal":{"name":"2011 Frontiers of Information Technology","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Frontiers of Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FIT.2011.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Web applications after their revolutionary advent and popularity are target of variety of attacks. Magnitude and complexity of attacks is continuously growing with every minute development in World Wide Web. There are plenty of web attack detection techniques but they cannot fully comprehend the required degree of security for complex web applications. The reasons include static nature of attack detection mechanism, lack of expressiveness in attack detection rules, and absence of reasoning capability to detect unanticipated ways an attack can be launched. To cater these issues, a formal approach is required that has more expressiveness and equipped with reasoning. These traits are fully adhered to by the Semantic techniques. This paper introduces an approach for utilizing Semantic techniques in web application security. This has never been introduced previously to the best of our knowledge. Here the HTTP Protocol ontology is presented to mitigate the communication protocol attacks. In this paper we are focusing on communication protocol attacks including abnormal HTTP messages, HTTP request smuggling and HTTP response splitting. While dealing with these attacks, the proposed technique outperforms the existing solutions with higher detection rate and low false positives as indicated by evaluation results.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
