Formal Semantic Model For Web Applications Security An Intelligent Approach For Detecting And Classifying Cyber Attacks

2014 
Cyber Civilization has become an important source of information sharing and professional activities. It is a rapid and concert source for boosting the economy of the world. The exponential increase in cyber threats with the expansion of web applications has become the biggest security concern for e-business, medical data, personal privacy and defense systems. Presently, social networks, Internet-connected mobile devices, individual privacy, and the online connectivity of entities such as e-shopping, e-banking or e-commerce are the most enticing targets for cyber criminals. Sophisticated approaches are used to launch polymorphic attacks that exploit the vulnerabilities of web applications. Recent surveys show that more than 80% of attacks target the application layer, 90% of applications are vulnerable to attacks, and on average 15 new vulnerabilities are released per day. These facts seem justified to prove that current state-of-the-art security solutions are ineffective at providing sufficient security. These solutions inherently have a static nature in attack detection, a lack of expressiveness in attack detection rules, and an absence of the reasoning capability required for detecting unanticipated ways to launch an attack.

In this dissertation, a new methodology has been adopted that has formal grounding and mitigates these problems in the domain of web application security. The proposed methodology is an ontology-based technique that is used for detecting and classifying web application attacks. It specifies web application attacks by using semantic rules, the context of consequence and the specifications of application protocols. The approach is capable of detecting sophisticated attacks effectively and efficiently by analyzing the specified portion of a user request where attacks are possible. Semantic rules / signatures help to capture the context of the application, possible attacks and the protocol used. These rules also allow inference to run over the ontological models in order to detect the often complex polymorphic variations of web application attacks. The proposed approach uses model specification, logic inference and attack vector analysis techniques to generalize attack rules.

The ontological models are developed in the Protege framework by using Description Logic that is based on the Web Ontology Language (OWL). The inference rules are Horn Logic statements and are implemented by using the Apache JENA framework. The approach is therefore platform and technology independent. Prior to the evaluation of the approach, the knowledge models are validated by using OntoClean to remove inconsistency, incompleteness and redundancy in the specification of ontological concepts. The experimental results show that the detection capability and performance of our approach are significantly better than those of current state-of-the-art solutions. The approach successfully detects web application attacks whilst generating few false positives. The examples that are presented demonstrate that a semantic approach can be used to effectively detect zero-day and more sophisticated attacks in a real-world environment. For clarity and validity of the models, some useful functionalities and specifications of the semantic rules, protocol, and attack ontology are formally modeled by using Z notation.