Semantic security against web application attacks

Information Sciences

Volumn 254, Issue , 2014, Pages 19-38

  Razzaq, Abdul ^a   Latif, Khalid ^a   Farooq Ahmad, H ^a   Hur, Ali ^a   Anwar, Zahid ^a   Bloodsworth, Peter Charles ^a  

^a NATIONAL UNIVERSITY OF SCIENCES AND TECHNOLOGY NUST   (Pakistan)

Author keywords

Application security; Semantic rule engine; Semantic security

Indexed keywords

COMPUTER CIRCUITS; DATA DESCRIPTION; ONTOLOGY; SEMANTICS; SPECIFICATIONS; WEB CRAWLER;

APPLICATION PROTOCOLS; APPLICATION SECURITY; REAL WORLD ENVIRONMENTS; SEMANTIC RULES; SEMANTIC SECURITY; TECHNOLOGY INDEPENDENT; WEB APPLICATION ATTACKS; WEB ONTOLOGY LANGUAGE;

SEMANTIC WEB;

EID: 84885179737     PISSN: 00200255     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ins.2013.08.007     Document Type: Article

References (83)

1. Waleed Alrodhan, Identity management systems, Digital Identity and Access Management: Technologies and Frameworks (2011) 209.
2. Rohan Amin, Julie Ryan, Johan van Dorp, Detecting targeted malicious email, Security & Privacy, IEEE 10 (3) (2012) 64-71.
3. A. Anitha, V. Vaidehi, Context based application level intrusion detection system, in: International conference on Networking and Services, 2006, ICNS'06, IEEE, 2006, p. 16.
4. Nuno Antunes, Marco Vieira, Defending against web application vulnerabilities, Computer (2012) 66-72.
5. O.T. Arogundade, A.T. Akinwale, Z. Jin, X.G. Yang, Towards an ontological approach to information system security and safety requirement modeling and reuse, Information Security Journal: A Global Perspective 21 (3) (2012) 137-149.
6. M. Auxilia, D. Tamilselvan, Anomaly detection using negative security model in web application, in: 2010 International Conference on Computer Information Systems and Industrial Management Applications (CISIM), IEEE, 2010, pp. 481-486.
7. D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, G. Vigna, Saner: composing static and dynamic analysis to validate sanitization in web applications, in: IEEE Symposium on Security and Privacy, 2008, SP 2008, IEEE, 2008, pp. 387-401.
8. R.S. Boyer, J.S. Moore, A fast string searching algorithm, Communications of the ACM 20 (10) (1977) 762-772.
9. T.D. Brown, Getting to the core of the matter, Strength & Conditioning Journal 28 (2) (2006) 50.
10. P.W. Brunst, Terrorism and the internet: New threats posed by cyberterrorism and terrorist use of the internet, A War on Terror?: The European Stance on a New Threat, Changing Laws and Human Rights Implications (2009) 51.
11. Tom Canavan, Joomla! Web Security, Packt Pub Limited, 2008.
12. Jeremy J Carroll, Ian Dickinson, Chris Dollin, Dave Reynolds, Andy Seaborne, Kevin Wilkinson, Jena: implementing the semantic web recommendations, in: Proceedings of the 13th international World Wide Web Conference on Alternate Track Papers & Posters, ACM, 2004, pp. 74-83.
13. You Chen, Steve Nyemba, Bradley Malin, Detecting anomalous insiders in collaborative information systems, IEEE Transactions on Dependable and Secure Computing 9 (3) (2012) 332-344.
14. Manuel Clavel, José Meseguer, Miguel Palomino, Reflection in membership equational logic, many-sorted equational logic, horn logic with equality, and rewriting logic, Theoretical Computer Science 373 (2007) 70-91. (Pubitemid 46330566)
15. Michael Compton, Payam Barnaghi, Luis Bermudez, Raul Garcia-Castro, Oscar Corcho, Simon Cox, John Graybeal, Manfred Hauswirth, Cory Henson, Arthur Herzog, et al., The SSN ontology of the w3c semantic sensor network incubator group, Web Semantics: Science, Services and Agents on the World Wide Web, 2012.
16. G. Denker, L. Kagal, T. Finin, M. Paolucci, K. Sycara, Security for daml web services: Annotation and matchmaking, The Semantic Web-ISWC 2003 (2003) 335-350.
17. Josep Domingo-Ferrer, David Sánchez, Guillem Rufian-Torrell, Anonymization of nominal data based on semantic marginality, Information Sciences (2013).
18. Zhenhai Duan, Peng Chen, Fernando Sanchez, Yingfei Dong, Mary Stephenson, JamesMichael Barker, Detecting spam zombies by monitoring outgoing messages, IEEE Transactions on Dependable and Secure Computing 9 (2) (2012) 198-210.
19. D. Eastlake, J. Reagle, D. Solo, M. Bartel, J. Boyer, B. Fox, B. LaMacchia, E. Simon, Xml-Signature Syntax and Processing, 2002.
20. M. Ektefa, S. Memar, F. Sidi, L.S. Affendey, Intrusion detection using data mining techniques, in: 2010 International Conference on Information Retrieval & Knowledge Management, (CAMP), IEEE, 2010, pp. 200-203.
21. Nan Feng, Harry Jiannan Wang, Minqiang Li, A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis, Information Sciences (2013).
22. S. Fenz, G. Goluch, A. Ekelhart, B. Riedl, E. Weippl, Information security fortification by ontological mapping of the iso/iec 27001 standard, in: 13th Pacific Rim International Symposium on Dependable Computing, 2007, PRDC 2007, IEEE, 2007, pp. 381-388.
23. Roy Fielding, Jim Gettys, Jeffrey Mogul, Henrik Frystyk, Larry Masinter, Paul Leach, Tim Berners-Lee, Hypertext transfer protocol-http/1.1, 1999.
24. E. Fong, R. Gaucher, V. Okun, P.E. Black, Building a test suite for web application scanners, in: Proceedings of the 41st Annual Hawaii International Conference on System Sciences, IEEE, 2008. pp. 478-478.
25. Marc Fossi, Gerry Egan, Kevin Haley, Eric Johnson, Trevor Mack, Téo Adams, Joseph Blackbird, Mo King Low, Debbie Mazurek, David McKinney, et al., Symantec Internet Security Threat Report Trends for 2010, vol. 16(20), 2011.
26. Mohammad Fraiwan, Rami Al-Salman, Natheer Khasawneh, Stefan Conrad, Analysis and identification of malicious javascript code, Information Security Journal: A Global Perspective 21 (1) (2012) 1-11.
27. Steffen Gebert, Rastin Pries, Daniel Schlosser, Klaus Heck, Internet access traffic measurement and analysis, in: Traffic Monitoring and Analysis, Springer, 2012, pp. 29-42.
28. F.L. Greitzer, A.P. Moore, D.M. Cappelli, D.H. Andrews, L.A. Carroll, T.D. Hull, Combating the insider cyber threat, Security & Privacy IEEE 6 (1) (2008) 61-64. (Pubitemid 351229834)
29. Tom Gruber, What is an ontology, Encyclopedia of Database Systems 1 (2008).
30. Nicola Guarino, Christopher Welty, Evaluating ontological decisions with ontoclean, Communications of the ACM 45 (2) (2002) 61-65. (Pubitemid 135699725)
31. Hal Berghel, Identity theft and financial fraud: Some strangeness in the proportions, Computer 45 (1) (2012) 86-89.
32. B. Guha, B. Mukherjee, Network security via reverse engineering of tcp code: vulnerability analysis and proposed solutions, Network, IEEE 11 (4) (1997) 40-48. (Pubitemid 127603071)
33. A. Herzog, N. Shahmehri, C. Duma, An ontology of information security, Techniques and Applications for Advanced Information Privacy and Security: Emerging Organizational, Ethical, and Human Issues (2009) 278-301.
34. I. Horrocks et al, Daml + oil: adescription logic for the semantic web, IEEE Data Engineering Bulletin 25 (1) (2002) 4-9.
35. Ian Horrocks, Peter F Patel-Schneider, Harold Boley, Said Tabet, Benjamin Grosof, Mike Dean, et al., Swrl: a semantic web rule language combining owl and ruleml, W3C Member Submission 21 (2004) 79.
36. Hongxin Hu, Gail-Joon Ahn, Ketan. Kulkarni, Detecting and resolving firewall policy anomalies, IEEE Transactions on Dependable and Secure Computing 9 (3) (2012) 318-331.
37. Jian Hua, Sanjay Bapna, How can we deter cyber terrorism?, Information Security Journal: A Global Perspective 21 (2) (2012) 102-114
38. S. Hung, S. Liu. A User-Centric Intrusion Detection System by Using Ontology Approach, 2006.
39. N. Jovanovic, C. Kruegel, E. Kirda, Static analysis for detecting taint-style vulnerabilities in web applications, Journal of Computer Security 18 (5) (2010) 861-907.
40. J. Kannan, P. Maniatis, B.G. Chun, Secure data preservers for web services, in: Proceedings of the 2nd USENIX Conference on Web Application Development, USENIX Association, 2011, pp. 3-3.
41. Graham Klyne, Jeremy J Carroll, Brian McBride, Resource description framework (RDF): concepts and abstract syntax, W3C Recommendation 10 (2004).
42. C. Krugel, T. Toth, E. Kirda, Service specific anomaly detection for network intrusion detection, in: Proceedings of the 2002 ACM symposium on Applied computing, ACM, 2002, pp. 201-208. (Pubitemid 35009592)
43. C.E. Landwehr, A.R. Bull, J.P. McDermott, W.S. Choi, A taxonomy of computer program security flaws, ACM Computing Surveys (CSUR) 26 (3) (1994) 211-254.
44. Yiqun Liu, Fei Chen, Weize Kong, Huijia Yu, Min Zhang, Shaoping Ma, Liyun Ru, Identifying web spam with the wisdom of the crowds, ACM Transactions on the Web (TWEB) 6 (1) (2012) 2.
45. G.W. Manes, D. Schulte, S. Guenther, S. Shenoi, Netglean: a methodology for distributed network security scanning, Journal of Network and Systems Management 13 (3) (2005) 329-344. (Pubitemid 41344140)
46. Deborah L McGuinness, Frank Van Harmelen, et al, Owl web ontology language overview, W3C Recommendation 10 (2004-03) (2004) 10.
47. J. McHugh, Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory, ACM Transactions on Information and System Security 3 (4) (2000) 262-294.
48. P. Ning, S. Jajodia, X.S. Wang, Abstraction-based intrusion detection in distributed environments, ACM Transactions on Information and System Security (TISSEC) 4 (4) (2001) 407-452.
49. OWASP, Web application security testing cheat sheet, 2011. www.owasp.org.
50. Top10 OWASP, Top 10-2010, The Ten Most Critical Web Application Security Risks, The Open Web Application Security Project, 2010.
51. Sangun Park, Juyoung Kang, Using rule ontology in repeated rule acquisition from similar web sites, IEEE Transactions on Knowledge and Data Engineering 24 (6) (2012) 1106-1119.
52. Cristian I Pinzon, Juan F De Paz, Alvaro Herrero, Emilio Corchado, Javier Bajo, Juan M Corchado, idmas-sql: Intrusion detection based on mas to detect and block sql injection through data mining, Information Sciences (2011).
53. Jon Postel, Simple mail transfer protocol, Information Sciences (1982).
54. Jon Postel, Joyce Reynolds, File Transfer Protocol, 1985.
55. V. Raskin, C.F. Hempelmann, K.E. Triezenberg, S. Nirenburg, Ontology in information security: a useful theoretical foundation and methodological tool, in: Proceedings of the 2001 Workshop on New Security Paradigms, ACM, 2001, pp. 53-59.
56. A. Razzaq, A. Hur, M. Masood, K. Latif, H.F. Ahmad, H. Takahashi, Foundation of semantic rule engine to protect web application attacks, in: 2011, 10th International Symposium on Autonomous Decentralized Systems (ISADS), IEEE, 2011, pp. 95-102.
57. Eric Rescorla, A Schiffman, The Secure Hypertext Transfer Protocol, 1999.
58. F.S. Rietta, Application layer intrusion detection for sql injection, in: Proceedings of the 44th Annual Southeast Regional Conference, ACM, 2006, pp. 531-536. (Pubitemid 46733524)
59. Ivan Ristic, Modsecurity: Open Source Web Application firewall, 2010.
60. M. Roesch, et al., Snort-lightweight intrusion detection for networks, in: Proceedings of the 13th USENIX conference on System administration, Seattle, Washington, 1999, pp. 229-238.
61. Matthew Rowe, Miriam Fernandez, Sofia Angeletou, Harith Alani, Community analysis through semantic rules and role composition derivation, Web Semantics: Science, Services and Agents on the World Wide Web, 2012.
62. M. Rubiolo, M.L. Caliusco, G. Stegmayer, M. Coronel, M. Gareli Fabrizi, Knowledge discovery through ontology matching: an approach based on an artificial neural network model, Information Sciences 194 (2012) 107-119.
63. T. Ryutov, C. Neuman, K. Dongho, Z. Li, Integrated access control and intrusion detection for web servers, IEEE Transactions on Parallel and Distributed Systems 14 (9) (2003) 841-850.
64. Igor Santos, Felix Brezo, Xabier Ugarte-Pedrero, Pablo G Bringas, Opcode sequences as representation of executables for data-mining-based unknown malware detection, Information Sciences (2011).
65. Igor Santos, Carlos Laorden, Borja Sanz, Pablo G Bringas, Enhanced topic-based vector space model for semantics-Aware spam filtering, Expert Systems with applications 39 (1) (2012) 437-444.
66. S.T. Sarasamma, Q.A. Zhu, J. Huff, Hierarchical kohonenen net for anomaly detection in network security, IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics 35 (2) (2005) 302-312. (Pubitemid 40535913)
67. Farrukh Shahzad, M. Shahzad, Muddassar Farooq, In-execution dynamic malware analysis and detection by mining information in process control blocks of linux os, Information Sciences (2011).
68. Lwin Khin Shar, Hee Beng Kuan Tan, Defending against cross-site scripting attacks, Computer 45 (3) (2012) 55-62.
69. Quan Z Sheng, Zakaria Maamarb, Lina Yaoa, Claudia Szaboa, Scott Bournea, Behavior modeling and automated verification of web services, Information Sciences (2012).
70. Evren Sirin, Bijan Parsia, Bernardo Cuenca Grau, Aditya Kalyanpur, Yarden Katz, Pellet: A practical owl-dl reasoner, Web Semantics: Science, Services and Agents on the World Wide Web 5 (2) (2007) 51-53. (Pubitemid 46856283)
71. Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Koji Nakao, Toward a more practical unsupervised anomaly detection system, Information Sciences (2011).
72. M. Stein, M. Beer, V. Kreinovich, Bayesian approach for inconsistent information, Information Sciences (2013).
73. Hung-Min Sun, Yao-Hsin Chen, Yue-Hsun Lin, opass: A user authentication protocol resistant to password stealing and password reuse attacks, IEEE Transactions on Information Forensics and Security 7 (2) (2012) 651-663.
74. C.Y. Tan, S.R. Tan, B. Morel, 19601 Information Warfare, in: 19601 Information Warfare, Carnegie Mellon, 2011, pp. 15.
75. J. Undercoffer, J. Pinkston, A. Joshi, T. Finin, A target-centric ontology for intrusion detection, in: 18th International Joint Conference on Artificial Intelligence, 2004, pp. 9-15.
76. Sabrina De Capitani Di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Giuseppe Psaila, Pierangela Samarati, Integrating trust management and access control in data-intensive web applications, ACM Transactions on the Web (TWEB) 6 (2) (2012) 6.
77. V. Viswanathan, Ilango Krishnamurthi, Ranking semantic relationships between two entities using personalization in context specification, Information Sciences (2012).
78. Mike Volordarsky, Olga M Londer, Brett Hill, Bernard Cheah, Steve Schofield, Carlos Aguiar Mares, Kurt Meyer, et al, Internet Information Services (IIS) 7.0 resource kit, Microsoft Press, 2010.
79. M. Vrancianu, L.A. Popa, Considerations regarding the security and protection of e-banking services consumers' interests, The Amfiteatru Economic Journal 12 (28) (2010) 388-403.
80. X.F. Wang, J.L. Zhou, S.S. Yu, L.Z. Cai, Data mining methods for anomaly detection of http request exploitations, Fuzzy Systems and Knowledge Discovery (2005) 484. 484.
81. Dianxiang Xu, Manghui Tu, Michael Sanford, Lijo Thomas, Daniel Woodraska, Weifeng Xu, Automated security test generation with formal threat models, IEEE Transactions on Dependable and Secure Computing 9 (4) (2012) 526-540.
82. Zhe Yao, Philip Mark, Michael Rabbat, Anomaly detection using proximity graph and pagerank algorithm, IEEE Transactions on Information Forensics and Security 7 (4) (2012) 1288-1300.
83. Xin Zhao, Atul Prakash, Wsf: An http-Level firewall for Hardening Web Servers, 2005.