An efficient attack defensive models for web security

Abstract

Web security plays vital role in protecting interests of genuine users associated with different web applications that are deployed in web server running either in Local Area Network (LAN) or Wireless Local Area Network (WLAN). There are many attacks possible to violate web security. They include URL interpretation, impersonation and session hijacking to mention few. These attacks make significant damage to legitimate users. They may cause financial and other risks. The existing solutions to prevent such attacks are very useful. However, a framework that is extensible and caters to the security services required by web server is important to have sustainable and continuous effort to have countermeasures to the known attacks and also unknown attacks that may be devised by adversaries in future. Towards this end, in this paper, we proposed a framework known as Attack Detection and Prevention Framework (ADPF) with mechanisms and underlying algorithms to detect and prevent various kinds of attacks that jeopardise web security. This paper has focused on three attacks though the framework is extensible to support prevention of other attacks. They are known as URL interpretation, session hijacking and impersonation. We built a prototype framework that is deployed in web server to demonstrate proof of the concept. Our experimental results revealed that the proposed framework has high utility in preventing aforementioned attacks.