• Journal of the Korea Society of Computer and Information
• /
• v.13 no.3
• /
• pp.139-146
• /
• 2008

Despite of information security installation, leakage of personal information in web services has not decreased. This is because traffics to web applications are still vulnerable by permitting external sources to access services in port HTTF 80 and HTTPS 443, even with firewall systems in place. This thesis analyzes various attack patterns resulted from web service environment and vulnerable traffic and categorizes the traffics into normal and abnormal traffics. Also this proposes ways to analyze web application attack patterns from those abnormal traffics based on weak points warned in OWASF(Open Web Application Security Project), design a system capable of detect and isolate attacks in real time, and increase efficiency of preventing attacks.

• Convergence Security Journal
• /
• v.4 no.2
• /
• pp.17-25
• /
• 2004

As Internet and Internet users are rapidly increasing and getting popularized in the world the existing firewall has limitations to detect attacks which exploit vulnerability of web server. And these attacks are increasing. Most of all, intrusions using web application's programming error are occupying for the most part. In this paper, we introduced real-time web-server agent which analyze web-server based log and detect web-based attacks after the analysis of the web-application's vulnerability. We propose the method using real-time agent which remove Process ID(pid) and block out attacker's If if it detects the intrusion through the decision stage after judging attack types and patterns.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.365-371
• /
• 2021

With the rapid growth in Internet users, web applications are becoming the main target of hackers. Most previous WAFs (Web Application Firewalls) target every single HTTP request packet rather than the overall behavior of the attacker, and are known to be difficult to detect new types of attacks. In this paper, we propose a web attack detection system based on user behavior using machine learning to detect attacks of unknown patterns. In order to define user behavior, we focus on features excluding areas where an attacker can camouflage as a normal user. The experimental results shows that by using the path and query information to define users' behaviors, best results for an accuracy of 99% with Decision forest.

• Journal of the Korean Society for Precision Engineering
• /
• v.23 no.5 s.182
• /
• pp.111-118
• /
• 2006

Better understanding and sharing information are getting important to manage interdisciplinary product development team in a globally-distributed company. This study proposes a solution to implement RPD(Rapid Product Development) system for the distributed development teams using SOAP(Simple Object Access Protocol). And a new approach is introduced for the better understanding of product geometry among the development members in different place and the easy sharing of product information. An application example shows that SOAP operates in distributed environment more efficiently than other RPC(Remote Procedure Call) techniques and it does not respond sensitively to firewall. And SOAP is an excellent RPC and messaging technique to exchange structured data. Procedures developed with use of SOAP are worked together with web, and users can use remote services as an application program in their local computer.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.632-635
• /
• 2013

클라우드 컴퓨팅은 최근 IT 기술 중 가장 주목받는 분야로, 클라우드 컴퓨팅 자원을 네트워크 기반으로 제공하는 기술이다. 클라우드 환경에서 소프트웨어를 개발하는 경우 가상 환경을 이용해서 작업 비용을 대폭 절감할 수 있는 이점이 있지만, 웹 어플리케이션 취약점을 이용한 웹 기반 공격 등의 보안 문제가 남아있다. 클라우드 컴퓨팅이 인터넷을 통해서 서비스를 제공하기 때문에 웹 보안 향상이 클라우드 컴퓨팅의 중요한 보안 이슈이다. 본 논문에서는 클라우드 시스템의 웹 보안 문제를 해결하기 위해 클라우드 컴퓨팅을 기반으로 다중 웹 방화벽(Web Application Firewall)을 구축하는 방안을 제안하고자 한다.

• 한국IT서비스학회:학술대회논문집
• /
• 2007.11a
• /
• pp.549-553
• /
• 2007

웹의 사용의 확대와 함께 웹 어플리케이션에 대한 공격도 증가하고 있으며 그 형태도 다양화하고 지능화하고 있다. 웹 어플리케이션 방화벽은 이러한 공격으로부터 웹 어플리케이션을 보호하기 위한 시스템이다. 본 논문에서는 현재의 웹 어플리케이션 위협 요소 중 취약한 크로스 사이트 스크립팅과 세션 보호의 문제점을 분석하고 해결 방안을 제시한다. 그리고 일반적인 웹 어플리케이션 방화벽이 앞으로 발전되어야 할 방안을 제시한다.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.161-168
• /
• 2007

Web attack uses structural, logical and coding error or web application rather than vulnerability to Web server itself. According to the Open Web Application Security Project (OWASP) published about ten types of the web application vulnerability to show the causes of hacking, the risk of hacking and the severity of damage are well known. The detection ability and response is important to deal with web hacking. Filtering methods like pattern matching and code modification are used for defense but these methods can not detect new types of attacks. Also though the security unit product like IDS or web application firewall can be used, these require a lot of money and efforts to operate and maintain, and security unit product is likely to generate false positive detection. In this research profiling method that attracts the structure of web application and the attributes of input parameters such as types and length is used, and by installing structural database of web application in advance it is possible that the lack of the validation of user input value check and the verification and attack detection is solved through using profiling identifier of database against illegal request. Integral security management system has been used in most institutes. Therefore even if additional unit security product is not applied, attacks against the web application will be able to be detected by showing the model, which the security monitoring log gathering agent of the integral security management system and the function of the detection of web application attack are combined.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.11B
• /
• pp.1277-1284
• /
• 2011

Today, many applications use 80 port, which is a basic port number of HTTP protocol, to avoid a blocking of firewall. HTTP protocol is used in not only Web browsing but also many applications such as the search of P2P programs, update of softwares and advertisement transfer of nateon messenger. As HTTP traffics are increasing and various applications transfer data through HTTP protocol, it is essential to identify which applications use HTTP and how they use the HTTP protocol. In order to prevent a specific application in the firewall, not the protocol-level, but the application-level traffic classification is necessary. This paper presents a method to classify HTTP traffics based on applications of the client-side and group the applications based on providing services. We developed an application-level HTTP traffic classification system and verified the method by applying the system to a small part of the campus network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.587-596
• /
• 2024

Cyber Attack and Cyber Threat are getting confused and evolved. Therefore, using AI(Artificial Intelligence), which is the most important technology in Fourth Industry Revolution, to build a Cyber Threat Detection System is getting important. Especially, Government's SOC(Security Operation Center) is highly interested in using AI to build SOAR(Security Orchestration, Automation and Response) Solution to predict and build CTI(Cyber Threat Intelligence). In this thesis, We introduce the Cyber Threat Detection System by analyzing Network Traffic and Web Application Firewall(WAF) Log data. Additionally, we apply the well-known TF-IDF(Term Frequency-Inverse Document Frequency) method and AutoML technology to classify Web traffic attack type.

• Journal of Internet Computing and Services
• /
• v.15 no.6
• /
• pp.55-64
• /
• 2014

In a Web application, you can pass without restrictions special network security devices such as IPS and F/W, URL parameter, which is an important element of communication between the client and the server, is forwarded to the Web server. Parameters are modulated by an attacker requests a URL, disclose confidential information or through e-commerce, can take financial gain. Vulnerability parameter manipulation thereof cannot be able to determine whether to operate in only determined logical application, blocked with Web Application Firewall. In this paper, I will present a technique OTACUS(One-Time Access Control URL System) to complement the shortcomings of the measures existing approaches. OTACUS can be effectively blocked the modulation of the POST or GET method parameters passed to the server by preventing the exposure of the URL to the attacker by using clean URL technique simplifies complex URL that contains the parameter. Performance test results of the actual implementation OTACUS proves that it is possible to show a stable operation of less than 3% increase in the load.