Semantic based Web Application Firewall - SWAF
Latest News: SWAF Version 1.7 successfully released to DTS Inc. Japan
Project offerings for Final Year Students
Semantic Web Application Firewall is a research group in the UG block, ground floor (SEECS). The research project and its different domains are explained below to help final year students select their final year project.

After the ubiquitous induction of computers, nations have discovered the fifth dimension of defense. Without going into further detail, we, the IT people, know how important it is to ensure data security. To equip ourselves for this fifth defense, we need to delve into cyber security technologies. In this era of cyber security, whether an individual, an organization or a whole country, everyone will have to prepare for the fifth defense. With the exponential rise in attacks, the Web has become a hot spot for the research community. Increasing security concerns have made organizations think more seriously than ever before. The Web world sees new attacks each day, growing an inventory that is a nightmare for online companies. Businesses of all kinds are already moving to the browser. Organizations, having realized the severity of cyber security, are ready to invest heavily to defend against cyber attacks.

Network communication takes place through the seven layers of the OSI model. Apart from the physical layer, these seven layers are the possible avenues for launching an attack. Network security solutions have been researched extensively and are well established. As a result, the focus of attackers has shifted to the application layer. The application layer provides various avenues to break into the application. According to various survey reports, 90% of Web applications have at least one serious vulnerability, which puts 80% of attacks on the application layer alone. Various security solutions exist for the application layer in the form of IDS/IPS, firewalls, vulnerability scanners etc., but they have proved to be quite ineffective. With the enormous increase in application layer attacks, security vendors have introduced a new concept of application protection called the Web Application Firewall (WAF).

The SWAF team has been working on various ways to address application layer attacks. Currently this group is working on the following areas in application security:
  1. Semantic based Application layer Firewall
    1. Drive by Download
    2. Semantic Rule Generation
    3. Positive Security Model
  2. Semantic based Web Application Vulnerability Scanner
  3. Defining an Effective methodology for Web Pen Testing (Ethical Hacking)
  4. URL Categorization
    1. Automatic ontology creation from text
    2. Semantic text classification
A section-wise description of the above-mentioned domains is given below.
Drive by Download
The expression “Drive-by Download” (DbD) has been around since about 2002, but it has gained more attention recently in the context of increasing concern about escalating problems with Internet security and Internet-based identity fraud. DbD circulates in the software industry in different variations, and the risk of succumbing to it is a major concern for Internet users. A recent survey undertaken by Internet search company Google Inc. revealed that as many as 1 in 10 websites were acting as hosts for malware.

DbD is a phenomenon in which a software program is installed automatically on a user's computer while the user is surfing the Internet. The intent of this installation is to gain an advantage over the victim machine, e.g. stealing sensitive information such as stored passwords and personal data, or using the victim terminal as part of a botnet to further spread malicious content.

The present trend is to deal with DbD on the client side. The infected traffic coming all the way from the compromised or dedicated malicious domain is analyzed on the client (client honeypots, process state monitors etc.). This is the conventional approach in practice; however, we have devised a methodology that sits on the server and stops the threat at its source. Our solution sanitizes the outgoing traffic (the response) if it is found to carry malicious intent. Handling PDF exploits, handling malicious code and dealing with obfuscation are a few of the important areas for work.
Semantic Rule Generation
A number of off-the-shelf firewalls are available to protect web applications from commonly known attacks. These firewalls use signatures for HTTP traffic inspection. The signatures are static in nature because of their limited expressiveness, so they cannot tackle zero-day attacks. They are also created manually, which is a time-consuming task and prone to human error. Moreover, these signatures do not dynamically take into account the context of the application and of user requests, and thus can be easily bypassed using evasion techniques.

Considering the issues associated with signature-based techniques, SWAF has developed a novel approach to deal with these threats through ontology. SWAF uses semantic associations to overcome the limitations of existing solutions, and this approach works well. Because these threats are always finding obscure means to bypass security solutions, we plan to enhance this approach further so that our system can be claimed as an effective antidote. We are looking for energetic students who find this domain interesting and have a passion to work on it.
Semantic based Web Application Vulnerability Scanner
Security for a web application is ensured at two levels: either through a firewall, or through application code that is guaranteed to have no vulnerabilities. The second scenario is an ideal situation that does not exist; the first one, however, is in wide practice. Code optimization is a continuous process throughout the lifetime of any product. The same approach is adopted for web applications through techniques that inspect the site thoroughly and identify the probable vulnerabilities. Ensuring security in this way is called web application vulnerability scanning.

Web Application Vulnerability Scanners are tools designed to automatically scan web applications for potential vulnerabilities.
Pen Testing (Ethical Hacking)
A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, or from known and unknown hardware or software flaws. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. The intent of a penetration test is to determine the feasibility of an attack and the business impact of a successful exploit, if one is discovered.
Automatic ontology creation from text
After the mass induction of computers in big organizations, there is always demand for customized solutions, security products and smart solutions. The induction of web-based solutions and their access through the Internet has put business trends into fast gear. On the other hand, these organizations also worry about how to restrict unwanted web sites at their end. Blocking these sites one by one is effective but tedious and unprofessional. There is a need for a comprehensive solution that can categorize URLs based on their contents at runtime, avoiding the manual effort of allowing or disallowing each one.

The contents of web pages represent heterogeneous contexts, and these contexts have to be captured and represented. One way to represent this captured knowledge is via connected graphs, also known as an ontology. The ontology representation further helps in inferring knowledge that exists in the ontology generated from the web pages.

Generating these ontologies automatically requires some knowledge of Natural Language Processing.
Semantic text classification
The contents of web pages represent heterogeneous contexts, and these contexts have to be captured and represented. Once they are captured, they are to be matched against a categorization ontology to identify the possible categories that the text graph matches. The graph nature of the text simplifies the process, while the complexity lies in improving the matching algorithm for this problem.

This process has to be applied at two ends:
  1. The ontology extracted from the text is matched against the categorization ontology for category representation.
  2. Policy matching, to determine whether the requested web content matches the policy defined by the organization.
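The two matching steps above can be sketched as follows. This is an added example, not SWAF's own code: the category graphs, the policy table, the 0.5 threshold and all function names are constructed for illustration, and a sentence-level co-occurrence graph stands in for real NLP-based ontology extraction.

```python
import re
from itertools import combinations

# Constructed categorization ontology: each category is a small graph of
# related concepts, stored as undirected edges (hypothetical content).
CATEGORY_ONTOLOGY = {
    "gambling": {("bet", "odds"), ("casino", "poker"),
                 ("bet", "casino"), ("jackpot", "casino")},
    "news": {("report", "minister"), ("election", "minister"),
             ("report", "election")},
}
# Constructed organizational policy: category -> action.
POLICY = {"gambling": "block", "news": "allow"}
DEFAULT_ACTION = "allow"  # assumption: uncategorized content is allowed


def edge(a, b):
    """Normalize an undirected edge so (a, b) and (b, a) compare equal."""
    return tuple(sorted((a, b)))


def text_graph(text):
    """Build a term graph: terms that share a sentence are connected."""
    edges = set()
    for sentence in re.split(r"[.!?]+", text.lower()):
        terms = sorted(set(re.findall(r"[a-z]{3,}", sentence)))
        edges.update(combinations(terms, 2))  # sorted input -> sorted pairs
    return edges


def categorize(text, threshold=0.5):
    """Step 1: match the text graph against every category graph."""
    graph = text_graph(text)
    scores = {}
    for category, onto_edges in CATEGORY_ONTOLOGY.items():
        wanted = {edge(a, b) for a, b in onto_edges}
        scores[category] = len(wanted & graph) / len(wanted)
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores


def decide(text):
    """Step 2: look up the organization's policy for the matched category."""
    category, _ = categorize(text)
    return category, POLICY.get(category, DEFAULT_ACTION)


if __name__ == "__main__":
    # Constructed sample page text.
    print(decide("Place a bet at our casino with the best odds."))
    print(decide("I bet it rains tomorrow."))
```

Because the match is on relations between concepts rather than on single words, a page that merely contains the word "bet" is not categorized as gambling.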
Attraction and Motivation
  1. We are working in close collaboration with DTS Japan where you will experience the unique opportunities for handling the real world problems.
  2. Other than DTS we also maintain a close technical relationship with the following companies
    1. MIMOS (Malaysia)
    2. Raseen Technologies Dubai
    3. TechAccess and True Maredian (Pakistan)
  3. Opportunity to avail exciting training for “Pen Testing” from a renowned international vendor (Tranchulas)
  4. Outstanding candidates will be invited by DTS Japan (Company Discretion)
  5. Certificate (by DTS Japan) after the successful completion of the selected project