Web sites have been great diversity because of theirpurposes and structures today and many web sites are workingon hosting services. A hosting service is one of the networkservices for outsourcing construction and maintenance of theservers. Thus, the web site operators are free from hardwaresetting and server maintenance. On the other hand, web siteshave been exposed to cyber attacks. To counter those web siteattacks, hosting service providers should monitor their web sites.However, in many cases, it is difficult for the service providers toanalyze such attacks with full information because of contractsabout a protection of personal information. As another approach,it is effective to construct server side honeypots and observemalicious access to them. Unfortunately, honeypots could notalways observe all type of attacks because of the diversity of websites. In this paper, we propose a novel approach for keeping upsecurity intelligence and strengthening countermeasures againstweb attacks on a hosting service. Our approach helps the serviceproviders to protect their customers web sites by combiningthe analysis of IDS logs and web access logs provided fromthese sites and dedicated honeypots for observing web attacks.The honeypots keep learning interactions from the actual hostedsites, and attract attackers by mimicking the sites to gain theintelligence on malicious web attacks. We also describe the casestudy in a hosting service on our university, in which suspicious requests are confirmed to be malicious by our approach.
Web sites have been great diversity because of their pur-poses and structures today. There are a great deal kinds of websites from a private blog to a huge banking site. According tothem, many kinds of web applications are working on eachweb site. Some web applications are developed and integratedoriginally. Some other web applications are working on thedistributed application packages. For example, WordPress isone of the most common web application packages for contents management systems (CMS) .When web site operators construct and maintain their websites, it is much easier by using hosting services than arrangingtheir own machines. A hosting service is one of the networkservices for outsourcing construction and maintenance servers.By contracting to the hosting services, the hosting serviceallocates the servers to the operators. They can deploy andupdate their web applications on the allocated servers through network. Thus, the web site operators are free from hardwaresetting and server maintenance. Today, many web sites areworking on those hosting services.On the other hand, attacks against web sites have also beenone of the most serious threats. Attackers always search websites and try to intrude them with vulnerabilities and miscon-figuration. In many cases, those victim web sites are com-promised by the attackers and become their fingers for theirnext attacking. Especially for the hosting services providers,the existence of attackers’ finger sites causes the deterioratingof their service levels and falling into disrepute.To counter those web site attacks, there are also many kindsof security systems like intrusion detection systems (IDS)andetc. Those systems are good at detecting known attacksbecause their detections are based on the recognized vulner-abilities and patterns reported somewhere already. In recentyears, however, some attacks avoids such security systemswhen their attacks are with complicated patterns. And whatwas worse, updating application packages and developing new web applications has the risk of generating such novel attacks with such patterns. Thus, in order to detect those novel type of attacks, it is necessary for the web site operators and hosting service providers to keep up with such daily-updated attacksand strengthen their countermeasures. Web Design Company Arudhra Innovations
This paper proposes novel approach for keeping up with se-curity intelligence and strengthening countermeasures againstweb attack. We present our approach as a combination withweb access log analysis and honeypot observing system,Wamber. Wamber is working for a hosting service providerwho can access to his web site access log and IDS log. Byreceiving real responses from web sites under the hostingservice, it can create dummy interactions suitable for thehoneypot which observe web attacks against the hosting ser-vices. With YNU web hosting service log, we also describe the case study of creating dummy interactions. In our casestudy, we can gain the detail POST data in login requeststo WordPress applications. This helps the hosting service provider understanding attackers malice and preventing fromthe requests as an attack with strong confidence.As future work, we implement Wamber system involve da hosting service. We turn the Wamber cycle and verify the effectiveness. Furthermore, we solve the problems that our sys-tem troubles to good users. The honeypot in Wamber performs web access interactions to lure attackers on the Internet. Thus,we should consider the possibility of our honeypot deceiving even good users. https://arudhrainnovations.com/