VEB-HUJUMLARDAN TRAFIKNI VEB-FILTRLASH ARXITEKTURASI
Keywords:
Veb hujumlar, WTF, zararli traffik, veb traffik, veb server, WAF, XSS, SQL inektsiya, dekoder, veb filter, IP filterlash.Abstract
Ushbu maqolada trafikni filtirlash orqali veb hujumlarning oldini olish arhitekturasi ishlab chiqilgan va tasniflangan. WFT larni ishlash mexanizimlari va uning imkoniyatlari tavsifi keltirilgan. Taklif qilinyotgan WFT arxitekturasi qanday xizmatlarni bajarishi va natija bo‘yicha qanday qarorlar qabul qilishi ko‘rsatilgan.
Tadqiqot natijalariga koʻra trafik harakatini kuzatuvchi va zaifliklar bo‘yicha qanday choralar ko‘rishni hal qiladigan WFT xavfsizlik devorlarini belgilangan. Sakkizta asosiy blokdan iborat so‘rovni qayta ishlash arxitekturasi taklif etilgan va har bir bloklarning tarkibiy qismlari keltirilgan.
Ushbu maqola tadqiqotchilar va kiberxavfsizlik mutaxassislari uchun zamonaviy veb hujumlarni oldini olishni amalga oshirishda foydali bo‘lishi mumkin.
References
A. Osincev and O. R. Laponina, “Vulnerability testing in web applications external entities XML,” International Journal of Open Information Technologies, vol.7, no.10, pp.71–79, 2019.
P.P.MukkamalaandS .Rajendran,“A survey on the different firewall technologies,” International Journal of Engineering Applied Sciences and Technology, vol. 5, no. 1, pp. 363–365, 2020.
W. Wang and K. Siau, “Artificial intelligence, machine learning, automation, robotics, future of work and future of humanity,” Journal of Database Management, vol. 30, pp. 61–79, 2019.
J.Doshiand T. Bhushan, “ Sensitive data exposure prevention using dynamic database security policy,” International Journal of Computer Application, vol. 106, no. 15, pp. 18600–19869, 2014.
M.-H. Huang and R. T. Rust, “Artificial intelligence in service,” Journal of Service Research, vol. 21, no. 2, pp.155–172, 2018.
J.H.Li,“Cyber security meets artificial intelligence: asurvey,” Frontiers of Information Technology & Electronic Engineering, vol. 19, no. 12, pp. 1462–1474, 2018.
P.P.MukkamalaandS. Rajendran, “A survey on the different firewall technologies,” International Journal of Engineering Applied Sciences and Technology, vol. 5, no. 1, pp. 363–365, 2020
Akbar Memen, Ridha Muhammad Arif Fadhly, et al., SQL injection and cross site scripting prevention using OWASP ModSecurity WebApplication firewall, Int. J. Inf. Visualization, 2018, vol. 2, no. 4. pp. 286–292.
Yuan, H. et al., Research and implementation of WEB application firewall based on feature matching, Proc.Int. Conf. on Application of Intelligent Systems in Multi-modal Information Analytics, Springer, 2019, pp. 1223–1231.
Domingues Junior, M. and Ebecken, N.F.F. (2021) ‘A new WAF architecture with machine learning for Resource-efficient use’, Computers & Security, 106, p. 102290. doi:10.1016/j.cose.2021.102290.
D. Wichers and J. Williams, "Owasp Top Ten," 9e open web application security project, vol. 3, 2017
K. Dalai and S. Kumar Jena, “Neutralizing SQL Injection Attack Using Server Side Code Modification in Web applications,” Security and Communication Networks, vol. 2017, Article ID 3825373, 2017.
D. Mitropoulos, V. Karakoidas, P. Louridas, and D. Spinellis, “Countering Code Injection Attacks: A Unified Approach,” Information Management& Computer Security, vol.19, no.3, 2011.