LiU > IDA > Real-Time Systems Lab
ABOUT
MEMBERS
COOPERATION
PROJECTS
PUBLICATIONS
COURSES
OPEN POSITIONS
THESES
ALUMNI

Announcements

[26 May 2014] A bachelor student at RTSLAB was awarded the best thesis award from IDA - Simon Andersson. more ...

[31 May 2012] A masters student at RTSLAB was awarded the best thesis award from IDA - Ulf Magnusson. more ...

[27 February 2008] A masters student at RTSLAB was awarded the best thesis award from IDA - Johan Sigholm. more ...

[03 March 2004] A masters student at RTSLAB was awarded the best thesis award from IDA - Tobias Chyssler. more ...

[01 Jul 2003] For second year in a row a masters student at RTSLAB was awarded the best thesis award from SNART - Mehdi Amirijoo. more ...

Master Thesis - Past Projects - Abstract

Intrusion Detection for Web Services

ID: LiTH-IDA-EX-05/058--SE

Services and applications residing on web or application servers, often referred to as Web services, are often used in business environments, carrying out transactions worth countless money. This makes these applications and services very attractive as targets for an attack. This thesis focuses on creating a framework that protects against Web service and Web based attacks. The services this framework protects are created out of a wide variety of technologies. Furthermore, the services provide both anonymous and authenticated user access. The biggest concern for the services is data theft since they all rely on the same database. It is hard to protect against attacks targeted at Web services since they rely on a transport layer protocol for communication and this enables them to penetrate firewalls. In order to secure Web service traffic adequately the firewall would have to inspect every incoming request. The resulting framework is capable of tracking the usage for each service and detecting abusive behaviour for both Web services and servlet based services. In order to inspect incoming request the framework relies on invocation handlers for Web services and servlet filters for servlet based services. As detection mechanism a rule based approach with regular expressions is used for detecting abnormal URI input, while abnormal service usage is detected by creating a user usage profile and comparing it with thresholds representing normal usage. The framework was tested in three ways: With a performance test measuring the overhead execution time added by the framework to each request. With two scenarios validating the abnormal usage part of the framework. By running a client to execute a series of abnormal URI inputs and validating that the rule set works correctly.

Keywords:

Author(s): Christofer Wallán

Contact: Simin Nadjm-Tehrani

Click here to return.
Last modified September 2012. If you have questions or suggestions for the webpages, contact the webmaster