Journal of Networks, Vol 7, No 6 (2012), 997-1005, Jun 2012
doi:10.4304/jnw.7.6.997-1005

FRPWPS: A Filter Driver and Reverse Proxy Based Web Protection System

Qian He, Yong Wang, Bang Zhao, Linlin Yao, Hongbin Chen

Abstract


Website attacks have seriously affected site owners' profits and the security of the Internet. In this paper, a Filter Driver and Reverse Proxy based Web Protection System (FRPWPS) with a version control-based safe recovery mechanism is proposed. FRPWPS consists of five subsystems: web file monitor, content publish, web reverse proxy, backup and recovery, and monitor center. The file filter driver is used to protect web program files from being illegally tampered with. The protected websites run behind a web proxy with an intrusion detection function. The backup and recovery subsystem is implemented using the FTP protocol. Experiments analyze the functions and costs of FRPWPS, and the results show that it works well and achieves good performance for web protection.


Keywords


Web Protection; Filter Driver; Reverse Proxy; Intrusion Detection; Backup and Recovery





Journal of Networks (JNW, ISSN 1796-2056)

Copyright @ 2006-2013 by ACADEMY PUBLISHER – All rights reserved.