CFP last date
20 January 2025
Reseach Article

An Intellectual Approach for Providing Secure Environment in Real World Web Application

by C. I. Arthi, Priyadharshini R
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 75 - Number 18
Year of Publication: 2013
Authors: C. I. Arthi, Priyadharshini R
10.5120/13347-0489

C. I. Arthi, Priyadharshini R . An Intellectual Approach for Providing Secure Environment in Real World Web Application. International Journal of Computer Applications. 75, 18 ( August 2013), 14-19. DOI=10.5120/13347-0489

@article{ 10.5120/13347-0489,
author = { C. I. Arthi, Priyadharshini R },
title = { An Intellectual Approach for Providing Secure Environment in Real World Web Application },
journal = { International Journal of Computer Applications },
issue_date = { August 2013 },
volume = { 75 },
number = { 18 },
month = { August },
year = { 2013 },
issn = { 0975-8887 },
pages = { 14-19 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume75/number18/13347-0489/ },
doi = { 10.5120/13347-0489 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:44:35.229937+05:30
%A C. I. Arthi
%A Priyadharshini R
%T An Intellectual Approach for Providing Secure Environment in Real World Web Application
%J International Journal of Computer Applications
%@ 0975-8887
%V 75
%N 18
%P 14-19
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In recent years, widespread adoption of the internet has resulted in rapid advancement in information technologies. Internet is used by the general population for the purposes such as financial transactions, educational activities and countless other activities. This development of the Internet use has unfortunately been accompanied by a growth of malicious activity in the web application. Every organization uses web application for accessing their data from the database, these applications use user inputs to create a query for storing, retrieving data from the database. Although all the organizations are concerned about their data security, the attackers can still corrupt the data by using the techniques like SQL injection, Hijack future session attack, Privilege Escalation attack, which are commonly referred to as intrusion, it also includes another Application layer attack called DDoS attack. In this paper we present a novel approach for detecting all the intrusions and Application layer attack by analyzing user behavior and analyzing the user input queries using low interaction Honeypot technique.

References
  1. Bazara. I. A. Barry and H. Antony Chan, "Syntax and Semantics Based Signature Databases for Hybrid Intrusion Detection System," Security & Communication Networks, vol. 2, Issue 6, Dec. 2009.
  2. Christian Doring, "Improving Network Security with Honeypots," German Honeynet Project, 2005.
  3. Christopher Kruegel and Giovanni Vigna, "Anomaly Detection of Web Based Attacks," Association for Computing Machinery Conference. Computer and Comm. Security (CCS '03), Oct. 2003.
  4. Daniel Bates, Adam Barth and Collin Jackson, "Regular Expressions Considered Harmful in Client Side XSS Filter," Proceedings of the 19th International Conf. World Wide Web, 2010.
  5. Giovanni Vigna, Willam Robertson, Vishal Kher, "A Stateful Intrusion Detection System for World Wide Web Servers," 19th conference of the Computer Security Applications on the year 2003.
  6. Gregory T. Buehrer, Paolo A. G. Sivilotti and Bruce W. Weide, "Prevent SQL Injection Attack by Validating Parse Tree," Association for Computing Machinery 2005.
  7. A. Harrison, the DoS attack Aftermath, http://www. cnn. com/2000/TECH/computing/02/14/ dos. aftermath. idg, 2000
  8. Hellman M. E Diffie W. , An Introduction to Cryptography, Volume 67, Pages 397-427, Proc. IEEE, 1999.
  9. Herv Debar, Marc Dacier and Andreas Wespi, "Towards a Taxonomy of Intrusion Detection System," Computer Networks, volume 31 in the year 1999.
  10. HoneyNet Project, http://project. honeynet. org/
  11. James Newsome, Brad Karp and Dawn Song, "Polygraph: Automatically Generating Signatures for Polymorphic Worms," Proceedings of the Security and Privacy, IEEE Symposium on May 2005.
  12. S. M. Khattab, C. Sangpachatanaruk, D. Moss´e, R. Melhem, and T. Znati, "Roaming Honeypots for Mitigating Service-level Denial-of-Service Attacks," In ICDCS, 2004
  13. H. A. Kim and Brad Karp, "Autograph: Toward Automated Distributed Worm Signature Detection," Proceedings of the 13th Conference, USENIX Security Symposium on the year 2004.
  14. Vicktoria Felmetsger, L. Cavedon, Christopher Kruegel and Giovanni Vigna, "Towards Automated Detection of Logic Vulnerabilities in Web Applications," Proceedings of the USENIX Security Symposium Conference on the year 2010.
  15. Yih Huang, Angelos Stavrou, Aup K. Ghosh and Sushil Jajodia, "Efficiently Tracking Application Interactions Using Lightweight Virtualization," Proceedings of the First Workshop on Association for Computing Machinery, Oct. 2008
Index Terms

Computer Science
Information Sciences

Keywords

Denial of Service attack Hijack Future Session attack Honeypot Intrusion Detection System SQL Injection User behavior