INTRUSION DETECTION FOR WEB SECURITY WEAKNESS AND TRENDS

Postgraduate

ABSTRACT  

The internet is growing rapidly and interconnected different wired and wireless networks with each other. By using a client server architecture computing devices which are located at different geographical locations all around the world connect to the World Wide Web. Client can access information from the web server through the web browser. Web server fetches data from the database server. Malicious minds all over the world break down the security of the data driven web applications and illegally access some private data, manipulate data or perform different malicious activities which may lead to great damage or financial loss. SQL injection attack and Denial-of-service (DOS) attack are two most important security threads found in the web applications. SQL injection is a one of the web application security vulnerability in which SQL statements are altered by attackers which is executed by the web application and submitted to the database server. DOS attack is an attack which makes network resources unavailable to its intended users. In this paper, we propose a method for evaluation of the current security mechanism by injecting vulnerabilities in the web application and exploit them using Distributed Vulnerability and Attack Detection Tool (DVADT).


INTRODUCTION

Over the past decade, the Internet has been embraced by various organizations, institutions and businesses as an inexpensive channel to communicate and exchange information with their staff, prospects and customers. In particular, the web has transformed to an electronic tool for organizations to monitor visitors to their website and establishing a channel of communication for business transactions. One way of doing this is asking web visitors to subscribe to newsletters, to submit an application form when requesting information on products or provide details to customize their browsing experience. These data must be captured, stored, processed and transmitted to be used immediately or at a later date. Web applications, in the form of submit fields, enquiry and login forms, shopping carts, and content management systems, are those website widgets that allow this to happen.

Typically, web applications allow the capture, processing, storage and transmission of sensitive customer data (e.g., personal details, credit card numbers, social security information, etc.) for immediate and recurrent use.  Web applications are, therefore, computer programs allowing website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. The data is then presented to the user within their browser as information is generated dynamically (in a specific format, e.g. in HTML using CSS) by the web application through a web server.

Despite their advantages, web applications do raise a number of security concerns stemming from improper coding. Serious weaknesses or vulnerabilities, allow hackers to gain direct and public access to databases in order to steal sensitive data. Many of these databases contain valuable information (e.g., personal and financial details) making them a frequent target of hackers.

Web applications security vulnerabilities have evolved and have become very more complex to detect and fix. Amongst the reasons for emerging web applications security vulnerabilities are: Complexity of the application, code reuse and tight deadlines, pressure on the developers to deliver applications. Web security vulnerabilities are a result of using readymade components and depending on their security or lack of security testing either to tight deadlines to deliver applications or to reduce cost.

Malicious injection of code within vulnerable web applications to trick users and redirect them towards phishing sites is called Cross-Site Scripting and may be used even though the web servers and database engine contain no vulnerability themselves and it is becoming one of the most prevalent web application vulnerability threats today.


STATEMENT OF RESEARCH PROBLEM

In spite of increased attention on software security vulnerabilities and its attendant risks, there are little research efforts in the area of Cross Site Scripting which is an important area of web security. Most malicious scripts are introduced to web applications through lack of awareness of the threat level on the part of users in the course of web interactions. In the process, sensitive details which are used by hackers to defraud unsuspecting users are introduced.

Several prevention tools and mitigation mechanisms have been implemented, but none of them are complete or accurate enough to guarantee an absolute level of security on web application due to lack of common and complete methodology for evaluation in terms of performance (Mavrommatis et al, 2008)

Previous work conducted on the detection of malicious XSS injections does not have considerations for the users who are susceptible to these attacks; hence the focus of this research. Based on the various literature and recent research into XSS detection strategies, the following problems are yet to be attended to:

i)                   Lack of detection strategy with focus on the users (who are not experts in web security) as most of the solutions are server side mechanisms.

ii)                 Existing approaches do not have consideration for measurement of risk level and the degree of severity of XSS present in web applications.

iii)               High false positive rates.

In order to provide an attempt to solve the problem, we intend to develop a detection framework against XSS attacks which will serve as a guide from the user’s perspective using the concept of Fuzzy Inference System.

AIM AND OBJECTIVES

The aim of this research is to use a Cross Site Scripting detection framework to advise users of severity level of web applications using Fuzzy Inference System with the following objectives:

a.)        to adopt VEGA web crawler for threats intrusion detection.

b.)        use the web crawler to locate and detect vulnerable spots in web applications and store the results in a database.

c.)        implement Fuzzy Inference System on the results in (b).

d.)        display the results of the detection framework as a guide to users.