SPHERES: an efficient server-side web application protection system Online publication date: Wed, 12-Dec-2018
by Ouissem Ben Fredj
International Journal of Information and Computer Security (IJICS), Vol. 11, No. 1, 2019
Abstract: While the web attacks grow in number and manner, the current web protection methods fail to follow this evolution. This paper introduces a new design of a web application protection method called SPHERES. The main idea behind SPHERES is that it is placed in the application server; it intercepts the decrypted traffic, and checks it against a set of filtering rules specific to the requests. This design allows SPHERES to have the most accurate picture of the exchanged traffic, the websites structures and workflows, the user sessions and their states, and the system states. This accurate picture of the total system allows SPHERES to build a protection sphere around the website and checks several types and levels of protections efficiently. In addition to the detection of known attacks, SPHERES is able to detect zero-day attacks at runtime. The performance study of SPHERES shows that it is much better than two famous existing web protection tools.
Online publication date: Wed, 12-Dec-2018
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Information and Computer Security (IJICS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email email@example.com