doi: 10.17586/2226-1494-2020-20-2-233-242


SEARCH METHODS FOR ABNORMAL ACTIVITIES OF WEB APPLICATIONS

O. I. Mikheeva, Y. A. Gatchin, S. V. Savkov, R. M. Khammatova, A. P. Nyrkov


Article in Russian

For citation:
Mikheeva O.I., Gatchin Yu.A., Savkov S.V., Khammatova R.M., Nyrkov A.P. Search methods for abnormal activities of web applications. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2020, vol. 20, no. 2, pp. 233–242 (in Russian). doi: 10.17586/2226-1494-2020-20-2-233-242


Abstract
Subject of Research. The paper reviews existing methods for detecting abnormal activities of web applications, gives their comparative characteristics, and shows priorities for improving information security tools in web applications.

Method. To evaluate the search methods for abnormal activities of web applications, criteria for selecting indicators were defined. Particular attention was paid to the following indicators: the launch speed of a web application after loading, the responsiveness of the web application to user actions, and the number of abnormal activities found compared with the number of malfunctions found. Three methods of searching for abnormal activities were compared: static code scanning, dynamic code scanning and network traffic monitoring. The advantages and disadvantages of each method were considered, together with implementation examples.

Main Results. It is shown that the dynamic method of searching for abnormal activities has the best characteristics. The method identifies both anomalies associated with traffic transfer and anomalies that occur during the local operation of web applications. It is implemented as a code analyzer built into the browser engine. The analyzer checks all calls that the web application makes to the engine and detects abnormal activity based on those calls. In contrast to static scanning, dynamic scanning identifies anomalies in Web Workers, in WebAssembly and in the parts of the code that are downloaded over the network after the application starts.

Practical Relevance. The work can be useful to information security specialists who deal with protecting web applications, as well as to programmers and system administrators at the application creation and implementation stage. The results can find practical use in the development of web applications, browsers and information protection software.

Keywords: abnormal activity, browser, browser engine, web applications, JavaScript engine, traffic analysis between client and server, static code analysis, dynamic code analysis, search for abnormal activities


This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Copyright 2001-2024 ©
Scientific and Technical Journal
of Information Technologies, Mechanics and Optics.
All rights reserved.
