Formal Semantic Model for Web Applications Security- an Intelligent Approach for Detecting and Classifying Cyber Attacks

Cyber Civilization has become an important source of information sharing and professional activities. It is a rapid and concert source for boosting the economy of the world. The exponential increase in cyber threats with the expansion of web applications has become the biggest security concern to e-business, medical data, personal privacy and defense systems. Presently the social networks, Internet connected mobile devices, individual privacy, and the online connectivity of entities such as e-shopping, e-banking or e- commerce are the most enticing targets for cyber criminals. Sophisticated approaches are used to launch polymorphic attacks to exploit the vulnerabil- ities of web applications. Recent surveys show that more than 80% attacks targeting the application layer, 90% applications are vulnerable to attacks and on the average 15 new vulnerabilities are released per day. These facts seem justified to prove that current state of the art security solutions are ineffective to provide sufficient security solution. These solutions inherently have static nature in attack detection, lack of expressiveness in attack detec- tion rules, and absence of reasoning capability that are required for detecting unanticipated ways to launch an attack. In this dissertation, a new methodology has been adopted that has for- mal grounding and mitigated the problems in the domain of web application security. The proposed methodology is an ontology based technique that is used for detecting and classifying web application attacks. It specifies web application attacks by using semantic rules, the context of consequence and the specifications of application protocols. The approach is capable of detect- ing sophisticated attacks effectively and efficiently by analyzing the specified portion of a user request where attacks are possible. Semantic rules / signa- tures help to capture the context of the application, possible attacks and the protocol used. These rules also allow inference to run over the ontological models in order to detect, the often complex polymorphic variations of web application attacks. The proposed approach is used for model specification, logic inference and attack vector analysis techniques utilized to generalization of attack rules. The ontological models are developed in Protege framework by using De- scription Logic that is based on the Web Ontology Language (OWL). The inference rules are Horn Logic statements and are implemented by using the Apache JENA framework. The approach is therefore platform and technol- ogy independent. Prior to the evaluation of the approach the knowledge models are validated by using OntoClean to remove inconsistency, incom- pleteness and redundancy in the specification of ontological concepts. The experimental results show that the detection capability and performance of our approach is significantly better than current state of the art solutions. The approach successfully detects web application attacks whilst generat- ing few false positives. The examples that are presented demonstrate that a semantic approach can be used to effectively detect zero day and more sophisticated attacks in a real-world environment. For clarity and validity of models, some useful functionalities and specifications of semantic rules, protocol, and attack ontology are formally modeled by using Z notation.