NUST Institutional Repository

Automated Generation of Application Models Through Access Traffic Analysis

dc.contributor.author MishalMurtaza, Syed
dc.date.accessioned 2020-11-05T05:18:48Z
dc.date.available 2020-11-05T05:18:48Z
dc.date.issued 2009
dc.identifier.uri http://10.250.8.41:8080/xmlui/handle/123456789/9972
dc.description Supervisor: Dr. Hafiz Farooq Ahmad en_US
dc.description.abstract Web application security has become a critical concern. Traditionally, the "default allow" model has been used for securing web applications, but this approach has exposed web applications to a plethora of attacks. The default deny model, on the other hand, provides more restrictive security for web applications. This approach depends on building a model for the application and then allowing only those requests that comply with the model and ignoring everything else. An innovative and effective methodology is adopted that analyzes valid application requests and, as a result, generates semi-structured XML cases for the web application. Moreover, learning techniques are adopted, resulting in more mature and robust generated XML cases. This positive security model, the Web Application Model Generator (WAMG), consists of three components: 1. Automatic White List Cases Generation Module, 2. Resource Tree Generator, and 3. Case Based Reasoning. AMG needs to be described using a standardized XML language. The format should be able to describe all three components of the positive security model accurately. We build this model through analysis of valid traffic logs in offline mode. The model is represented in the form of XML-based cases. This system will be evaluated on the basis of whether the XML file containing the cases is generated correctly according to the XML format. Moreover, it is ensured that the separation of malicious and non-malicious traffic is carried out successfully. Results prove the effectiveness of its rule generation using access traffic logs of cross-site scripting (XSS), SQL injection, JS Charcode, HTTP request splitting, HTTP response splitting and buffer overflow attacks. en_US
dc.publisher SEECS, National University of Science and Technology, Islamabad. en_US
dc.subject Information Technology, Traffic Analysis en_US
dc.title Automated Generation of Application Models Through Access Traffic Analysis en_US
dc.type Thesis en_US


This item appears in the following Collection(s)

  • MS [432]
