Web Threats Detection and Prevention Framework

M. Rababah, Osama and K. Al Hwaitat, Ahmad and Al Manaseer, Saher and N. Fakhouri, Hussam and Halaseh, Rula (2016) Web Threats Detection and Prevention Framework. Communications and Network, 08 (03). pp. 170-178. ISSN 1949-2421

[thumbnail of CN_2016080414325679.pdf] Text
CN_2016080414325679.pdf - Published Version

Download (922kB)

Abstract

The rapid advancement in technology and the increased number of web applications with very short turnaround time caused an increased need for protection from vulnerabilities that grew due to decision makers overlooking the need to be protected from attackers or software developers lacking the skills and experience in writing secure code. Structured Query Language (SQL) Injection, cross-site scripting (XSS), Distributed Denial of service (DDos) and suspicious user behaviour are some of the common types of vulnerabilities in web applications by which the attacker can disclose the web application sensitive information such as credit card numbers and other confidential information. This paper proposes a framework for the detection and prevention of web threats (WTDPF) which is based on preventing the attacker from gaining access to confidential data by studying his behavior during the action of attack and taking preventive measures to reduce the risks of the attack and as well reduce the consequences of such malicious action. The framework consists of phases which begin with the input checking phase, signature based action component phase, alert and response phases. Additionally, the framework has a logging functionality to store and keep track of any action taking place and as well preserving information about the attacker IP address, date and time of the attack, type of the attack, and the mechanism the attacker used. Moreover, we provide experimental results for different kinds of attacks, and we illustrate the success of the proposed framework for dealing with and preventing malicious actions.

Item Type: Article
Subjects: Institute Archives > Computer Science
Depositing User: Managing Editor
Date Deposited: 24 Dec 2022 07:08
Last Modified: 02 Mar 2024 04:14
URI: http://eprint.subtopublish.com/id/eprint/688

Actions (login required)

View Item
View Item