Sanare: Pluggable Intrusion Recovery for Web Applications

2021 ◽  
Author(s):  
David Matos ◽  
Miguel Correia ◽  
Miguel Pardal

Web applications are exposed to many threats and, despite the best defensive efforts, are often successfully attacked. Reverting the effects of an attack on the state of such an application requires profound knowledge of the application, in order to understand which data the attack corrupted. Furthermore, it requires knowing which steps are needed to revert those effects without modifying legitimate data created by legitimate users. Existing intrusion recovery systems are capable of reverting the effects of an attack, but they require modifications to the source code of the application, which may be impractical. We present Sanare, a pluggable intrusion recovery system designed for web applications that use different data storage systems to keep their state. Sanare does not require any modification to the source code of the application or the web server. Instead, it uses Matchare, a new deep learning scheme we introduce to learn the matches between HTTP requests and the database statements, file system operations and web service requests that those HTTP requests caused. We evaluated Sanare with three open source web applications: WordPress, GitLab and ownCloud. In our experiments Matchare achieved precision and recall higher than 97.5%.


2016 ◽  
pp. 866-884
Author(s):  
Georgios Bouloukakis ◽  
Ioannis Basdekis ◽  
Constantine Stephanidis

Web services are an emerging technology that has attracted much attention from both the research and the industry sectors in recent years. The exploitation of Web services as components in Web applications facilitates development and supports application interoperability, regardless of the programming language and platform used. However, existing Web services development standards do not take into account the fact that the provided content and the interactive functionality should be accessible to, and easily operable by, people with disabilities. This chapter presents a platform named myWebAccess, which provides a mechanism for the semi-automated “repair” of Web services' interaction characteristics in order to support the automatic generation of interface elements that conform to the de facto standard of the Web Content Accessibility Guidelines 2.0. myWebAccess enhances interaction quality for specific target user groups, including people with visual and motor disabilities, and supports the use of Web services on diverse platforms (e.g., mobile phones equipped with a browser). The Web developers can build their own design templates and the users of myWebAccess can create a personalized environment containing their favourite services. Thus, they can interact with them through interfaces appropriate to their specific individual characteristics.


2011 ◽  
pp. 706-723
Author(s):  
Myung-Woo Park ◽  
Yeon-Seok Kim ◽  
Kyong-Ho Lee

Mobile devices enabled with Web services are being considered as equal participants of the Web services environment. The frequent mobility of devices and the intermittent disconnection of wireless network require migrating or replicating Web services onto adjacent devices appropriately. This article proposes an efficient method for migrating and replicating Web services among mobile devices through code splitting. Specifically, the proposed method splits the source code of a Web service into subcodes based on users’ preferences for its constituent operations. The subcode with a higher preference is migrated earlier than others. The proposed method also replicates a Web service to other devices to enhance its performance by considering context information such as network traffic or the parameter size of its operations. To evaluate the performance of the proposed method, the effect of the code splitting on migration was analyzed. Furthermore, to show the feasibility of the proposed migration method, three application scenarios were devised and implemented.


2014 ◽  
Vol 5 (1) ◽  
pp. 19-38
Author(s):  
Romaric Ludinard ◽  
Éric Totel ◽  
Frédéric Tronel ◽  
Vincent Nicomette ◽  
Mohamed Kaâniche ◽  
...  

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application-level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly-based IDS focuses on modelling the normal application profile using invariants. These invariants are discovered during a learning phase. They are then used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates, using simple examples, how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.


2021 ◽  
Vol 40 (1) ◽  
pp. 1585-1596
Author(s):  
Xiao Zhongzheng ◽  
Nurbol Luktarhan

A webshell is a common tool for network intrusion. It is characterized by considerable threat and good concealment. An attacker obtains management authority over web services through the webshell in order to penetrate and control web applications. Because webshell and ordinary web page features are almost identical, a webshell can evade detection by traditional firewalls and anti-virus software. Moreover, as various anti-detection feature-hiding techniques are applied to webshells, it is difficult for traditional signature matching methods to detect new patterns in time. This paper proposes webshell detection based on deep learning. First, the dataset is converted to opcodes, and the source code features and opcode features are fused. Second, the processed dataset is reduced using an SRNN and an attention mechanism, and a capsule network improves predictions for unknown pages. Experiments show that the algorithm has higher detection efficiency and accuracy than traditional webshell detection methods, and that it can also detect new types of webshell with a certain probability.


2016 ◽  
pp. 1477-1495
Author(s):  
Georgios Bouloukakis ◽  
Ioannis Basdekis ◽  
Constantine Stephanidis

Web services are an emerging technology that has attracted much attention from both the research and the industry sectors in recent years. The exploitation of Web services as components in Web applications facilitates development and supports application interoperability, regardless of the programming language and platform used. However, existing Web services development standards do not take into account the fact that the provided content and the interactive functionality should be accessible to, and easily operable by, people with disabilities. This chapter presents a platform named myWebAccess, which provides a mechanism for the semi-automated “repair” of Web services' interaction characteristics in order to support the automatic generation of interface elements that conform to the de facto standard of the Web Content Accessibility Guidelines 2.0. myWebAccess enhances interaction quality for specific target user groups, including people with visual and motor disabilities, and supports the use of Web services on diverse platforms (e.g., mobile phones equipped with a browser). The Web developers can build their own design templates and the users of myWebAccess can create a personalized environment containing their favourite services. Thus, they can interact with them through interfaces appropriate to their specific individual characteristics.


2007 ◽  
pp. 244-267
Author(s):  
Bernd Aman ◽  
Salima Benbernou ◽  
Benjamin Nguyen

Unlike traditional applications, which depend upon a tight interconnection of all program elements, Web service applications are composed of loosely coupled, autonomous and independent services published on the Web. In this chapter, we first introduce the concept of service oriented computing (SOC) on the Web and the current standards enabling the definition and publication of Web services. The next evolution of this technology is to facilitate the creation and maintenance of Web applications. This can be achieved by exploiting the self-descriptive nature of Web services combined with more powerful models and languages for composing Web services. A second objective of this chapter is to illustrate the complexity of the Web service composition problem and to provide a representative overview of the existing approaches. The chapter concludes with a short presentation of two research projects exploiting and extending the Web service paradigm.


2011 ◽  
Vol 135-136 ◽  
pp. 806-808
Author(s):  
Hong Jun Li

In order to make Web services and web sites in Java more powerful and flexible, building unified web applications is vitally important. By introducing a new style, Representational State Transfer (REST), this paper studies the Java RESTful frameworks and the ways to develop RESTful Web services in Java. The RESTful frameworks in Java can effectively simplify web development in many ways.
