Research and Design of Web Application Firewall Based on Feature Matching

doi:10.3969/j.issn.1671-1122.2015.11.009

Abstract

Abstract:

With the rapid development of Web application, the security situation is not optimistic, the majority of Web applications have security vulnerabilities, and the traditional network security equipment for the application layer attack prevention is very limited. The traditional firewall can only protect the network layer, IPS, IDS cannot effectively protect the application layer attacks by flexible encoding and packet segmentation. The Web application firewall works in the application layer, it analysis the HTTP requests and responses, then compares the analysis results to the HTTP attack feature library, blocking Web application attacks, protect application layer effectively. This paper analyzed the HTTP protocol and mainstream web attacks and bypass mode, aiming at the deficiency of the HTTP protocol and the defect of model matching, and it adopted Simhash feature extraction and block prevention and filtering search technology, to propose a based on feature matching of Web Application Firewall System. Experiments show that the Web application firewall can defend against all kinds of Web application layer attacks, effectively solve the problem of the Web attack detection.

Key words: Web application firewall, HTTP, Web attack, Simhash, block search

CLC Number:

TP309

XIN Xiao-jie, XIN Yang, JI Shuo. Research and Design of Web Application Firewall Based on Feature Matching[J]. Netinfo Security, 2015, 15(11): 53-59.

Figures/Tables 12

References 11

[1]	M. E.LOCASTO A K, K. WANG, FLIPS S S. Hybrid adaptive intrusion preven-tion[C]//In Proc. of the 8th International Symposium on Recent Advances in Intrusion Detection (RAUD 2005), 2005.
[2]	张明,许博义,许飞. 一种基于混合模式的Web入侵检测系统架构研究[J]. 信息网络安全,2015,(9):6-9.
[3]	RISTIC I.Web Intrusion Detection with ModSecurity[C]//1st Annual OWASP AppSec Europe, 2006:36-50.
[4]	李莉,翟征德.一种基于Web应用防火墙的主动安全加固方案[J].计算机工程与应用,2011,47(25):104-106.
[5]	姚琳琳. 基于分布式对等架构的 Web 应用防火墙设计与实现[D].桂林:桂林电子科技大学,2008.
[6]	王宇. web应用防火墙的设计与实现[D].上海:上海交通大学,2011.
[7]	方爽,基于特征匹配的WEB应用防火墙的研究与实现[D].合肥:安徽大学,2014.
[8]	毛武. 基于反向代理的Web应用安全解决方案的设计与实现[D].成都:西南交通大学,2010.
[9]	王景中,徐友强. 基于RBF神经网络的HTTP异常行为自动识别方法[J]. 信息网络安全,2014,(12):16-20.
[10]	常乐. Web应用防火墙及其在多媒体资源管理器中的应用[D].北京:北京邮电大学,2008.
[11]	Leoncom,simhash与Google的网页去重[EB/OL]..

[1]	YUAN Wenxin, CHEN Xingshu, ZHU Yi, ZENG Xuemei. HTTP Payload Covert Channel Detection Method Based on Deep Learning [J]. Netinfo Security, 2023, 23(7): 53-63.
[2]	CHEN Liquan, XUE Yuxin, JIANG Yinghua, ZHU Yaqing. Design of Certificate Transparency Log System Based on SM2 Algorithm [J]. Netinfo Security, 2023, 23(11): 9-16.
[3]	YANG Ming, ZHANG Jian. Static Detection Model of Malware Based on Image Recognition [J]. Netinfo Security, 2021, 21(10): 25-32.
[4]	CHEN Cheng, LUO Senlin, WU Qian, YANG Peng. Research on Covert Channel Construction Method Based on HTTP Protocol Combination [J]. Netinfo Security, 2020, 20(6): 57-64.
[5]	Yi TANG, Zhishuang WANG. Research on HTTPS Configurations for E-banking Systems [J]. Netinfo Security, 2017, 17(1): 16-22.
[6]	Guofeng ZHAO, Yong CHEN, Xinheng WANG. Research on the Web Front-end Hijacking and Defense against HTTPS [J]. Netinfo Security, 2016, 16(3): 15-20.
[7]	Yue-jin ZHANG, Ding DING. A Study on Incremental Text Clustering in Sensitive Topic Detection [J]. Netinfo Security, 2015, 15(9): 170-174.
[8]	Feng-fan YANG, Jia-yong LIU, Dian-hua TANG. Research of HTTPS Session Hijacking Based on Script Injection [J]. Netinfo Security, 2015, 15(3): 59-63.
[9]	. Design and Implementation of the Web Firewall System based on ISAPI Filter [J]. , 2014, 14(7): 35-.
[10]	WANG Li-le, LI Ming, WANG Hao, BI Sheng-jie. Research on Cloud WAF Systems [J]. 信息网络安全, 2014, 14(12): 1-6.
[11]	WANG Jing-zhong, XU You-qiang. Automatic Identification for Abnormal HTTP Behavior Based upon RBF Neural Network [J]. 信息网络安全, 2014, 14(12): 16-20.
[12]	. Privacy Leakage Detection for Mobile Intelligent Terminal based on Boundary Detection [J]. , 2014, 14(1): 0-0.
[13]	. Web Protection System based on Kernel Monitoring and Filtering Rules [J]. , 2013, 13(9): 0-0.
[14]	. Research and Implementation of Network Covert Channel [J]. , 2013, 13(7): 0-0.
[15]	. The Design and Implementation of Enterprise Information Security Architecture based on Mobile Terminal [J]. , 2013, 13(5): 0-0.