Development of a Hybrid Web Application Firewall to Prevent Web Based Attacks

TEKEREK A., Gemci C., BAY Ö. F.

8th IEEE International Conference on Application of Information and Communication Technologies (AICT), Astana, Kazakistan, 15 - 17 Ekim 2014, ss.51-54 identifier identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Cilt numarası:
  • Doi Numarası: 10.1109/icaict.2014.7035910
  • Basıldığı Şehir: Astana
  • Basıldığı Ülke: Kazakistan
  • Sayfa Sayıları: ss.51-54
  • Anahtar Kelimeler: Web Application Security, Anomaly Detection, Signature Base Detection
  • Gazi Üniversitesi Adresli: Evet

Özet

Firewall and intrusion detection systems are used by the purposes of preventing information loss and weakness on internet and providing security for web applications. However attacks to web applications do not only come from network layer. Web applications use Hyper Text Transfer Protocol (HTTP) and attacks come from this protocol to web pages. Tools used for providing security on network layer become inefficient for HTTP attacks. These attacks to web applications can be prevented by detection of HTTP. In this study, a hybrid web application firewall is developed by using proposed signature based detection and anomaly detection methods, to prevent attacks by detection of HTTP requests.