    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/113729


    Title: WIPS A Practical Intrusion Prevention System for Web Applications
    Authors: Chen, Jui-Wen
    Cheng, Bo-Chao
    Chuang, Ming-Ni
    Keywords: Web application security; intrusion prevention system; finite state machine; network processor
    Date: 2005
    Issue Date: 2017-10-17 17:03:32 (UTC+8)
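    Abstract: The recent boom in Web applications has given rise to many Web application security problems. The international industry research firm Gartner Group also notes that 75 percent of all attack incidents occur at the application layer (OSI application layer) and that three quarters of commercial websites are vulnerable, yet traditional network security devices (such as intrusion detection systems and firewalls) cannot effectively prevent application-layer attacks. In view of this, this paper extends the principle of the finite state machine and integrates a stateful session inspection mechanism to propose the Web Intrusion Prevention System (WIPS), which addresses the security problems caused by Web applications. WIPS also combines the advantages of the positive approach and the negative approach to prevent Web attacks. The system has been designed and implemented on a development platform consisting of an Intel network processor running MontaVista Linux. Actual measurements of functionality and performance show that WIPS can block Web attacks effectively and quickly, establishing a highly secure Web application environment that protects the assets of enterprises and legitimate users.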
    A web application portal with the single sign-on (SSO) feature provides an integrated e-business solution, so that web applications become an essential building block for business operations. A Gartner Group report indicates that 75% of malicious attacks target the application layer and that three out of four business web sites are vulnerable to application-level attacks. Therefore, the traditional security devices (such as firewalls and intrusion detection systems) are no longer able to protect web-based applications. Implementing a solid web application security protection shield is top of mind for security researchers. Extending finite state machine theory and coupling it with stateful session inspection, we propose the Web Intrusion Prevention System (WIPS) to solve the web application security issues listed in the OWASP Top Ten project. WIPS works as the last line of defense separating web browsers and web servers by examining network traffic, maintaining every session’s state information and allowing only the specific web behaviors defined by the web finite state machine to pass through. With embedded Snort capability, WIPS also provides a negative security model to resist lower-layer attacks. A WIPS prototype has been implemented on an Intel Network Processor (IXP425) running MontaVista Linux. In our study, the functionality and performance have been assessed to show that WIPS provides a key answer for advancing the state of the art in web application security in a realistic environment.
    Relation: TANET 2005 Taiwan Internet Conference Proceedings
    Information Security Technology
    Data Type: conference
    Appears in Collections: [TANET Taiwan Internet Conference] Conference Papers

    Files in This Item:

    File: 345.pdf
    Size: 642Kb
    Format: Adobe PDF

