Technical R&D Projects

Funded Projects

Semantics based Web Application Security: Concept, Design and Implementation
 
Principal Investigator:
School of Electrical Engineering & Computer Science, NUST, Islamabad
www.seecs.edu.pk
Project Directors:
Dr. Hafiz Farooq Ahmad farooq.ahmad@seecs.edu.pk
Dr. Khalid Latif khalid.latif@seecs.edu.pk
Dr. Fauzan Mirza fauzan.mirza@seecs.edu.pk
Project Details:
Start Date: June, 2011
Duration: 20 months
Project Cost: PKR 11.02 million
Project Funding: PKR 11.02 million
Project Status: In progress.
Technical Progress Report: NA
Financial Audit Report: NA
Project URL: http://www.seecs.edu.pk/

Executive Summary

The aim of this project is to provide an effective, open source intrusion detection system for Web-based attacks. The exponential increase in cyber crime that has accompanied the expansion of Web applications has become the most important security concern for e-business, e-health and other Web applications on the Internet. A recent survey shows that about 80% of Web-based attacks are being deployed at the application layer of the OSI model and that more than 90% of Web applications are vulnerable to these attacks. Various security mechanisms, in the form of intrusion detection systems, encryption devices, and firewalls, have been deployed, but they tend to be less effective against Web-based threats because of the extremely flexible nature of those threats. To mitigate application-level attacks, the system needs to grasp the context of the information content (e.g., a web page or script) and be able to filter that content on the basis of its consequences for the target applications. This proposal introduces new concepts and an architecture that use semantics to detect and prevent attacks at the application layer (specifically, attacks through HTTP).

The proposed system will be capable of performing intrusion detection through the ontological representation of attacks, of application protocols such as HTTP, and of associated data. Furthermore, it allows automatic generation of attack rules. By building the attack model using the ontology, the system will significantly improve attack detection capability and should be able to detect Web attacks which appear to be generalized forms of existing attack techniques (i.e., zero day attacks based on existing methods). A prototype ontology model of application layer attacks for the HTTP protocol has already been developed. The proof-of-concept prototype uses the Description Logic based Web Ontology Language (OWL) for knowledge representation, and it is implemented on top of the JENA framework. The prototype system is deployed and evaluated as a surrogate proxy in front of the Web server to detect application layer attacks such as Cross Site Scripting (XSS) and SQL injection and to protect Web applications from them. System evaluation shows significantly improved detection capability compared with some other existing techniques and solutions, provides significant search space reduction, and helps eliminate many problems associated with existing techniques. We are sure that through this research project we will provide a significantly improved ontology-based intrusion detection system that works at the application layer.

Copyrights (C) National ICT R&D Fund