A new WAF-based architecture for protecting web applications against CSRF attacks in malicious environment
Michal Srokosz, Damian Rusinek, Bogdan Ksiezopolski
DOI: http://dx.doi.org/10.15439/2018F208
Citation: Proceedings of the 2018 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 15, pages 391–395 (2018)
Abstract. A web application firewall (WAF) is an application firewall for HTTP applications. A typical WAF uses static analysis of the HTTP request, defined as a set of rules, to find potentially dangerous payloads in requests. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection, which are server-related attacks. Cross-site scripting is a client-side attack; however, it is the server that is attacked and forced to return a malicious response. The rule-based approach becomes useless when the attack is client-related, for example malware on the user's machine targeting a banking site. Such malware can change the transfer data. This scenario is hard to detect because the browser displays valid transfer data while the data is changed to the thieves' account number at the communication stage. In this paper we introduce a new WAF-based architecture for protecting web applications against CSRF attacks in a malicious environment. In our approach we extend the classic, static WAF approach with historical and behavioral analysis, based on actions performed by the user in the past.
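To make the distinction in the abstract concrete, the following is an added example (not code from the paper or its authors) contrasting a classic signature-based WAF check with a behavioral check that scores a transfer request against the user's own transfer history. The transfer history, the request parameters `to_account` and `amount`, the scoring weights and the 0.6 threshold are all constructed assumptions for illustration; the paper's actual model is not reproduced here. The point it shows is that a transfer rewritten in transit by client-side malware carries no dangerous payload for a static rule to match, but does deviate from what this user has done before.

```python
import re

# Constructed sample history (assumption, not data from the paper): per-user
# list of (beneficiary account, amount) for transfers the user made in the past.
HISTORY = {
    "alice": [
        ("PL00000000000000000000000001", 1200.00),
        ("PL00000000000000000000000001", 1200.00),
        ("PL00000000000000000000000002", 80.50),
    ],
}

# Classic static WAF rules: signatures matched against request parameters.
STATIC_RULES = [
    re.compile(r"(?i)<\s*script"),           # cross-site scripting probe
    re.compile(r"(?i)union\s+select"),       # SQL injection probe
    re.compile(r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
]


def static_check(params: dict) -> str:
    """Rule-based inspection: 'block' if any parameter matches a signature."""
    for value in params.values():
        if any(rule.search(value) for rule in STATIC_RULES):
            return "block"
    return "allow"


def behavioral_check(user: str, params: dict, history=HISTORY,
                     threshold: float = 0.6) -> str:
    """Historical/behavioral inspection of a transfer request.

    Scores how far the request departs from this user's past transfers.
    Weights and threshold are illustrative assumptions, not the paper's values.
    """
    past = history.get(user, [])
    beneficiary = params["to_account"]
    amount = float(params["amount"])
    known_accounts = {acct for acct, _ in past}

    score = 0.0
    if beneficiary not in known_accounts:
        score += 0.6   # never-seen beneficiary: typical symptom of rewritten transfer data
    if past:
        if amount > 2 * max(amt for _, amt in past):
            score += 0.3   # amount far above anything this user has ever sent
    else:
        score += 0.2   # no history at all: treat the first transfer with caution
    # 'step_up' means the transfer should be confirmed out of band (e.g. the
    # server shows the beneficiary it actually received), not silently dropped.
    return "step_up" if score >= threshold else "allow"


def inspect(user: str, params: dict, history=HISTORY) -> str:
    """Combined decision: static rules first, behavioral analysis second."""
    verdict = static_check(params)
    if verdict == "block":
        return verdict
    return behavioral_check(user, params, history)


# Constructed requests: the user typed TRANSFER_AS_TYPED; malware rewrote the
# beneficiary and amount in transit, yielding TRANSFER_REWRITTEN; XSS_PROBE is
# the kind of payload a static rule is built for.
TRANSFER_AS_TYPED = {"to_account": "PL00000000000000000000000001", "amount": "1200.00"}
TRANSFER_REWRITTEN = {"to_account": "PL00000000000000000000000099", "amount": "9800.00"}
XSS_PROBE = {"to_account": "<script>alert(1)</script>", "amount": "1"}

if __name__ == "__main__":
    for name, req in [("typed", TRANSFER_AS_TYPED),
                      ("rewritten", TRANSFER_REWRITTEN),
                      ("xss", XSS_PROBE)]:
        print(f"{name:10s} static={static_check(req):6s} combined={inspect('alice', req)}")
```

The rewritten transfer passes the static rules (`allow`) because every parameter is a syntactically valid account number or amount; only the history-based score raises it to `step_up`. The thresholds here are deliberately crude; in practice the history would also have to be protected from being poisoned by the same malware (e.g. by counting only transfers that were confirmed out of band).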