Development of a Hybrid Web Application Firewall to Prevent Web Based Attacks

TEKEREK A. , Gemci C., BAY Ö. F.

8th IEEE International Conference on Application of Information and Communication Technologies (AICT), Astana, Kazakhstan, 15 - 17 October 2014, pp.51-54 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume:
  • Doi Number: 10.1109/icaict.2014.7035910
  • City: Astana
  • Country: Kazakhstan
  • Page Numbers: pp.51-54


Firewall and intrusion detection systems are used by the purposes of preventing information loss and weakness on internet and providing security for web applications. However attacks to web applications do not only come from network layer. Web applications use Hyper Text Transfer Protocol (HTTP) and attacks come from this protocol to web pages. Tools used for providing security on network layer become inefficient for HTTP attacks. These attacks to web applications can be prevented by detection of HTTP. In this study, a hybrid web application firewall is developed by using proposed signature based detection and anomaly detection methods, to prevent attacks by detection of HTTP requests.