Web sites have been great diversity because of theirpurposes and structures today and many web sites are workingon hosting services. A hosting service is one of the networkservices for outsourcing construction and maintenance of theservers. Thus, the web site operators are free from hardwaresetting and server maintenance. On the other hand, web siteshave been exposed to cyber attacks. To counter those web siteattacks, hosting service providers should monitor their web sites.However, in many cases, it is difficult for the service providers toanalyze such attacks with full information because of contractsabout a protection of personal information. As another approach,it is effective to construct server side honeypots and observemalicious access to them. Unfortunately, honeypots could notalways observe all type of attacks because of the diversity of websites. In this paper, we propose a novel approach for keeping upsecurity intelligence and strengthening countermeasures againstweb attacks on a hosting service. Our approach helps the serviceproviders to protect their customers web sites by combiningthe analysis of IDS logs and web access logs provided fromthese sites and dedicated honeypots for observing web attacks.The honeypots keep learning interactions from the actual hostedsites, and attract attackers by mimicking the sites to gain theintelligence on malicious web attacks. We also describe the casestudy in a hosting service on our university.
Web sites have been great diversity because of their pur-poses and structures today. There are a great deal kinds of websites from a private blog to a huge banking site. According tothem, many kinds of web applications are working on eachweb site. Some web applications are developed and integratedoriginally. Some other web applications are working on thedistributed application packages. For example, WordPress isone of the most common web application packages for contentsmanagement systems (CMS) .When web site operators construct and maintain their websites, it is much easier by using hosting services than arrangingtheir own machines. A hosting service is one of the networkservices for outsourcing construction and maintenance servers.By contracting to the hosting services, the hosting serviceallocates the servers to the operators. They can deploy andupdate their web applications on the allocated servers throughnetwork. Thus, the web site operators are free from hardwaresetting and server maintenance. Today, many web sites areworking on those hosting services.On the other hand, attacks against web sites have also beenone of the most serious threats. Attackers always search websites and try to intrude them with vulnerabilities and miscon-figuration. In many cases, those victim web sites are com-promised by the attackers and become their fingers for theirnext attacking. Especially for the hosting services providers,the existence of attackers’ finger sites causes the deterioratingof their service levels and falling into disrepute.To counter those web site attacks, there are also many kindsof security systems like intrusion detection systems (IDS)andetc. Those systems are good at detecting known attacksbecause their detections are based on the recognized vulner-abilities and patterns reported somewhere already. In recentyears, however, some attacks avoids such security systemswhen their attacks are with complicated patterns. And whatwas worse, updating application packages and developing newweb applications has the risk of generating such novel attackswith such patterns. Thus, in order to detect those novel type ofattacks, it is necessary for the web site operators and hostingservice providers to keep up with such daily-updated attacksand strengthen their countermeasures. Arudhra Innovations SEO Digital Marketing Web Design
We suppose hosting service providers would like to monitorthe web sites under his service. For monitoring the access andthe behaviors for their web servers, the providers collect andanalyze security logs in general. By analyzing those logs andextract anomalous parts, they can grasp the occurrence of webattacks against their web sites. However, in many cases, it isdifficult to analyze such attacks with full information. First,the hosting service does not have a huge database to storefull log or information. Second, there is a contract about aprotection of personal information such that a hosting serviceprovider never collect detail informations around its customers(web site operators).As another approach, it is effective for hosting serviceproviders to construct server side honeypots and observemalicious access to them. A honeypot is a decoy system formonitoring and logging the activities of entities that probe,attack or compromise them. The providers can find maliciousaccess with sufficient logs and can grasp what kind of attacksoccur on the Internet. However, honeypots cannot alwaysobserve all type of attacks. Because of the diversity of websites, honeypots cannot simulate all kinds of interactions ofweb sites. As mentioned in , it is hard to construct honeypotswith intelligent interactions. Thus, existing honeypots canobserve only limited web attacksIn this paper, we propose a novel approach for keeping upwith security intelligence and strengthening countermeasuresagainst web attacks on a hosting service. This approach isa combination with log analysis and honeypot observing.We present our approach as a system on a hosting service,Wamber. We assume that it is possible to extract suspiciousweb requests from the deficient log. From those suspiciousweb requests, we can regenerate web request and responseinteractions through requesting such access to the real websites on the hosting service. Therefore, the honeypot learns thereal interactions based on the suspicious web requests. Whenthe same suspicious request arrives at the honeypot, it canobserve the traffic with learned interactions to make sure theyare indeed malicious. Thus, the hosting service providers gainmore information about attacks against their hosting services.Such information can be used to write signatures for IDS andIPS to further protect the websites. https://arudhrainnovations.com/