CS707 Term Paper Presentation
1 INTRODUCTION
2 WEB APPLICATION ASSAULTS
3 WEB APPLICATION ASSAULT DETECTION
4 WEB APPLICATION FORENSICS
5 Conclusion
Introduction
Web applications play an important role in the modern era and are widely used
in e-government, e-commerce, web and enterprise content management,
social networks, email, etc.
Because of usage on such level and scale, they have become a prime target for
different attackers.
In this work, we present a review of the different techniques used for Web
application assault detection and forensics.
Web Application Assaults
The term “web application attack” refers to an attack in which a weakness in the
web application code is exploited and used to compromise the
security of the back-end systems.
It is clearly seen in the Figure below that there has been a marked weakness
from client to Firewalls to different servers (web / application/ database).
Web Application Assaults
Two methods are used for assault detection:
• Anomaly-based assault detection: Anomaly-based techniques are
able to detect unknown assaults because of their ability to learn. Regrettably,
anomaly-based detection sacrifices performance and
accuracy, with a high false-positive rate.
• Signature-based assault detection: Signature-based techniques rely
on predefined rules of assault signatures, which allow them to achieve very
high accuracy in detecting known assaults and make them less prone to false positives;
however, they fail to detect new and unknown assaults.
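The trade-off between the two methods can be seen by running both over the same requests. The following is an added example, not part of the original presentation: the rules, the training URLs, the sample requests and the 3-standard-deviation threshold are all constructed assumptions, not a real WAF ruleset.

```python
import re
from statistics import mean, pstdev
from urllib.parse import unquote_plus

# Constructed signature rules (illustrative, not a real WAF ruleset).
SIGNATURES = {
    "sql-injection": re.compile(r"['\"]\s*or\s+.+=", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

# Constructed benign traffic used to learn the baseline.
TRAINING = ["/search?q=laptop", "/search?q=red+shoes", "/item?id=42",
            "/item?id=1337&ref=home", "/login?user=alice",
            "/search?q=usb+cable&page=2"]

# Constructed requests to classify: label -> URL.
SAMPLES = {
    "known_sqli": "/item?id=1'+OR+'1'='1",
    "known_traversal": "/download?file=../../etc/passwd",
    "unknown_oversized": "/item?id=" + "A" * 200,
    "benign_long_search": "/search?q=how+to+replace+a+laptop+battery+safely",
    "benign_short": "/item?id=7",
}

def signature_detect(url):
    """Return the names of the predefined rules that match the decoded URL."""
    decoded = unquote_plus(url)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def features(url):
    """Query-string length and share of non-alphanumeric characters."""
    query = unquote_plus(url.partition("?")[2])
    special = sum(not c.isalnum() for c in query)
    return len(query), special / max(len(query), 1)

def fit_baseline(urls):
    """Learn mean and standard deviation of each feature from benign traffic."""
    columns = zip(*(features(u) for u in urls))
    return [(mean(c), pstdev(c) or 1e-9) for c in columns]

def anomaly_detect(url, baseline, threshold=3.0):
    """Flag a request if any feature lies more than `threshold` deviations from the mean."""
    return any(abs(v - m) / s > threshold
               for v, (m, s) in zip(features(url), baseline))

def classify(samples=SAMPLES):
    """Map each label to (matching signature names, anomaly flag)."""
    baseline = fit_baseline(TRAINING)
    return {label: (signature_detect(url), anomaly_detect(url, baseline))
            for label, url in samples.items()}

if __name__ == "__main__":
    for label, (rules, anomalous) in classify().items():
        print(f"{label:20} signature={rules or '-'} anomaly={anomalous}")
```

The oversized request matches no signature but is flagged by the learned baseline, while the harmless long search query is also flagged by the baseline: the false positive the anomaly-based bullet describes.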
Web Application Assault Detection
| Assaults | Known Web application assaults | Assaults of application and network layer (Known and Unknown) | Assaults of application and network layer (Known and Unknown) | Known and Unknown assaults |
| Accuracy/False Positive | Medium accuracy/high false positive | Medium accuracy/high false positive | High accuracy/low false positive | Accuracy is high/false positive too low |
| Key Issues | Maintenance, easy to pass, cost | Encryption of traffic, high false alarm | Exposure of danger in case of detection | Legal constraints, time, massive amount of data |
Web Application Forensics
From a technical point of view, web application forensics can be considered as:
• a detection technique for assaults.
• a finder of evidence that an assault occurred, used to investigate the causes and motives of the
assault afterwards.
• a deep information gatherer that looks for more information than the other detection
techniques.
Currently used technologies rely heavily on the forensic investigators, so the
main source of evidence is the log file, which is collected from different
servers and security devices.
Conventional tools have become ineffective, and the time,
cost and effort required have increased due to heavy web traffic.
To resolve these challenges, researchers opted for data mining, which helps in
extracting the evidence from huge volumes of information, ensuring data integrity and
increasing efficiency.
Conclusion
Some additional techniques have also evolved to fight obscure and new assaults.
In this review, we highlighted web application forensics and web application
honeypots as post-detection techniques. Web application forensics and honeypots
collect a massive amount of data. Data mining is applied to this massive data to extract
the evidence and to perform analysis.
Thank you