Enhancing Semantic Rule Engine for Semantic based Web Application Firewall (SWAF)

Abstract

Web applications after their revolutionary advent and popularity have become target range for variety of attacks. Magnitude and complexity of these attacks is continuously growing with every minute development in World Wide Web. There are plenty of web attack detection techniques but they cannot fully comprehend the required degree of security for complex web applications. The reasons include static nature of attack detection mechanism, lack of expressiveness in attack detection rules, and absence of reasoning capability to detect unanticipated ways through which an attack can appear. To cater these issues, a formal approach is required that has more expressiveness and equipped reasoning. We used ontology as a formal approach which provides expressiveness and reasoning as a package. We also studied the important attributes that are helpful to analyze and detect web attacks. These are root causes, HTTP portion used, messages needed for attack, impact and detection models used for detection. On the basis of our empirical study and pragmatic results, we developed web application attacks ontology. The developed ontology underwent three evolution criteria. Formal correctness and consistency is validated using OntoClean and Pellet reasoner. Domain coverage is second criteria and our ontology covers all web attacks listed by OWASP. Last but not least is the task orientation that how it will be used for detecting web attacks; we made a case study which shows how effective it is when we use it for detection.