Abstract:
Probing is the major issue in web application security, but there has not been reasonable progress
in detecting probing before the actual attack is launched. The key challenge is to identify the
attacker's probing process for gathering information about vulnerabilities in a Web application and
to take appropriate action quickly before attackers exploit them. In this research work, we propose a
methodology to detect probing; it is currently implemented as a part of SWAF (Semantic Based
Web Applications Firewall) project. It assists SWAF to detect probing before an attacker is able
to exploit vulnerabilities. Most of the vulnerabilities are discovered as a result of trial and error
by the attacker. We make it possible to detect probing by using three techniques, viz. XML rules,
the SWAF log and application profiling (which together come under threshold learning), and by carrying
out behavioral analysis of the attackers' traffic to detect and block them. The proposed methodology
increases the detection rate of SWAF and considerably decreases the attack ratio. As a part of
this work, we have also evaluated the performance of SWAF with the probing detection technique
using the most popular scanners. Evaluation results confirm the effectiveness of the proposed
approach, as it detects scanners with a high detection rate.