Research and Design of Web Application Firewall Based on Feature Matching

doi:10.3969/j.issn.1671-1122.2015.11.009

Abstract

Abstract:

With the rapid development of Web application, the security situation is not optimistic, the majority of Web applications have security vulnerabilities, and the traditional network security equipment for the application layer attack prevention is very limited. The traditional firewall can only protect the network layer, IPS, IDS cannot effectively protect the application layer attacks by flexible encoding and packet segmentation. The Web application firewall works in the application layer, it analysis the HTTP requests and responses, then compares the analysis results to the HTTP attack feature library, blocking Web application attacks, protect application layer effectively. This paper analyzed the HTTP protocol and mainstream web attacks and bypass mode, aiming at the deficiency of the HTTP protocol and the defect of model matching, and it adopted Simhash feature extraction and block prevention and filtering search technology, to propose a based on feature matching of Web Application Firewall System. Experiments show that the Web application firewall can defend against all kinds of Web application layer attacks, effectively solve the problem of the Web attack detection.

Key words: Web application firewall, HTTP, Web attack, Simhash, block search

CLC Number:

TP309

Xiao-jie XIN, Yang XIN, Shuo JI. Research and Design of Web Application Firewall Based on Feature Matching[J]. Netinfo Security, 2015, 15(11): 53-59.

Figures/Tables 12

References 11

[1]	M. E.LOCASTO A K, K. WANG, FLIPS S S. Hybrid adaptive intrusion preven-tion[C]//In Proc. of the 8th International Symposium on Recent Advances in Intrusion Detection (RAUD 2005), 2005.
[2]	张明,许博义,许飞. 一种基于混合模式的Web入侵检测系统架构研究[J]. 信息网络安全,2015,(9):6-9.
[3]	RISTIC I.Web Intrusion Detection with ModSecurity[C]//1st Annual OWASP AppSec Europe, 2006:36-50.
[4]	李莉,翟征德.一种基于Web应用防火墙的主动安全加固方案[J].计算机工程与应用,2011,47(25):104-106.
[5]	姚琳琳. 基于分布式对等架构的 Web 应用防火墙设计与实现[D].桂林:桂林电子科技大学,2008.
[6]	王宇. web应用防火墙的设计与实现[D].上海:上海交通大学,2011.
[7]	方爽,基于特征匹配的WEB应用防火墙的研究与实现[D].合肥:安徽大学,2014.
[8]	毛武. 基于反向代理的Web应用安全解决方案的设计与实现[D].成都:西南交通大学,2010.
[9]	王景中,徐友强. 基于RBF神经网络的HTTP异常行为自动识别方法[J]. 信息网络安全,2014,(12):16-20.
[10]	常乐. Web应用防火墙及其在多媒体资源管理器中的应用[D].北京:北京邮电大学,2008.
[11]	Leoncom,simhash与Google的网页去重[EB/OL]..

[1]	Yi TANG, Zhishuang WANG. Research on HTTPS Configurations for E-banking Systems [J]. Netinfo Security, 2017, 17(1): 16-22.
[2]	Guofeng ZHAO, Yong CHEN, Xinheng WANG. Research on the Web Front-end Hijacking and Defense against HTTPS [J]. Netinfo Security, 2016, 16(3): 15-20.
[3]	ZHANG Yue-jin, DING Ding. A Study on Incremental Text Clustering in Sensitive Topic Detection [J]. 信息网络安全, 2015, 15(9): 170-174.
[4]	YANG Feng-fan, LIU Jia-yong, TANG Dian-hua. Research of HTTPS Session Hijacking Based on Script Injection [J]. 信息网络安全, 2015, 15(3): 59-63.
[5]	. Design and Implementation of the Web Firewall System based on ISAPI Filter [J]. , 2014, 14(7): 35-.
[6]	WANG Jing-zhong, XU You-qiang. Automatic Identification for Abnormal HTTP Behavior Based upon RBF Neural Network [J]. 信息网络安全, 2014, 14(12): 16-20.
[7]	WANG Li-le, LI Ming, WANG Hao, BI Sheng-jie. Research on Cloud WAF Systems [J]. 信息网络安全, 2014, 14(12): 1-6.
[8]	. Privacy Leakage Detection for Mobile Intelligent Terminal based on Boundary Detection [J]. , 2014, 14(1): 0-0.
[9]	. Web Protection System based on Kernel Monitoring and Filtering Rules [J]. , 2013, 13(9): 0-0.
[10]	. Research and Implementation of Network Covert Channel [J]. , 2013, 13(7): 0-0.
[11]	. The Design and Implementation of Enterprise Information Security Architecture based on Mobile Terminal [J]. , 2013, 13(5): 0-0.
[12]	. A Real Time Data Leakage Prevent System based on ICAP [J]. , 2013, 13(11): 0-0.
[13]	. NULL [J]. , 2012, 12(11): 0-0.
[14]	. Design and Implementation of HTTPS Server Cryptographic Algorithm Testing Tool [J]. , 2011, 11(9): 0-0.
[15]	. Attack Manner Mining in the XSS Included in URL [J]. , 2011, 11(11): 0-0.