{"id":179,"date":"2020-03-16T05:42:42","date_gmt":"2020-03-16T05:42:42","guid":{"rendered":"https:\/\/arms10.org\/publication\/?p=179"},"modified":"2020-03-16T05:42:44","modified_gmt":"2020-03-16T05:42:44","slug":"defending-web-sites","status":"publish","type":"post","link":"https:\/\/arms10.org\/publication\/defending-web-sites\/","title":{"rendered":"Defending Web Sites"},"content":{"rendered":"\n<h2><a href=\"https:\/\/arudhrainnovations.com\/\"> Defending Web Sites <\/a><\/h2>\n\n\n\n<p> Web sites have been great diversity because of theirpurposes  and  structures  today  and  many  web  sites  are  workingon  hosting  services.  A  hosting  service  is  one  of  the  networkservices  for  outsourcing  construction  and  maintenance  of  theservers.  Thus,  the  web  site  operators  are  free  from  hardwaresetting  and  server  maintenance.  On  the  other  hand,  web  siteshave  been  exposed  to  cyber  attacks.  To  counter  those  web  siteattacks, hosting service providers should monitor their web sites.However, in many cases, it is difficult for the service providers toanalyze  such  attacks  with  full  information  because  of  contractsabout a protection of personal information. As another approach,it  is  effective  to  construct  server  side  honeypots  and  observemalicious  access  to  them.  Unfortunately,  honeypots  could  notalways observe all type of attacks because of the diversity of websites. In this paper, we propose a novel approach for keeping upsecurity  intelligence  and  strengthening  countermeasures  againstweb attacks on a hosting service. Our approach helps the serviceproviders  to  protect  their  customers  web  sites  by  combiningthe  analysis  of  IDS  logs  and  web  access  logs  provided  fromthese  sites  and  dedicated  honeypots  for  observing  web  attacks.The honeypots keep learning interactions from the actual hostedsites,  and  attract  attackers  by  mimicking  the  sites  to  gain  theintelligence  on  malicious  web  attacks.  We  also  describe  the  casestudy in a hosting service on our university, in which suspicious requests are confirmed  to  be  malicious  by  our  approach. <\/p>\n\n\n\n<p> Web sites have been great diversity because of their pur-poses and structures today. There are a great deal kinds of websites from a private blog to a huge banking site. According tothem, many kinds of web applications are working on eachweb site. Some web applications are developed and integratedoriginally. Some other web applications are working on thedistributed application packages. For example, WordPress isone of the most common web application packages for contents management systems (CMS) [1].When web site operators construct and maintain their websites, it is much easier by using hosting services than arrangingtheir own machines. A hosting service is one of the networkservices for outsourcing construction and maintenance servers.By contracting to the hosting services, the hosting serviceallocates the servers to the operators. They can deploy andupdate their web applications on the allocated servers through network. Thus, the web site operators are free from hardwaresetting and server maintenance. Today, many web sites areworking on those hosting services.On the other hand, attacks against web sites have also beenone of the most serious threats. Attackers always search websites and try to intrude them with vulnerabilities and miscon-figuration. In many cases, those victim web sites are com-promised by the attackers and become their fingers for theirnext attacking. Especially for the hosting services providers,the existence of attackers\u2019 finger sites causes the deterioratingof their service levels and falling into disrepute.To counter those web site attacks, there are also many kindsof security systems like intrusion detection systems (IDS)andetc. Those systems are good at detecting known attacksbecause their detections are based on the recognized vulner-abilities and patterns reported somewhere already. In recentyears, however, some attacks avoids such security systemswhen their attacks are with complicated patterns. And whatwas worse, updating application packages and developing new web applications has the risk of generating such novel attacks with such patterns. Thus, in order to detect those novel type of attacks, it is necessary for the web site operators and hosting service providers to keep up with such daily-updated attacksand strengthen their countermeasures.                                                                      <a href=\"https:\/\/arudhrainnovations.com\/\">Web Design Company Arudhra Innovations <\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/arudhrainnovations.com\/\"><img loading=\"lazy\" width=\"754\" height=\"506\" src=\"https:\/\/arms10.org\/publication\/wp-content\/uploads\/2020\/03\/logo_arudhrainnovations.png\" alt=\" Defending Web Sites \n\" class=\"wp-image-180\" srcset=\"https:\/\/arms10.org\/publication\/wp-content\/uploads\/2020\/03\/logo_arudhrainnovations.png 754w, https:\/\/arms10.org\/publication\/wp-content\/uploads\/2020\/03\/logo_arudhrainnovations-300x201.png 300w\" sizes=\"(max-width: 754px) 100vw, 754px\" \/><\/a><\/figure>\n\n\n\n<p> This paper proposes novel approach for keeping up with se-curity intelligence and strengthening countermeasures againstweb attack. We present our approach as a combination withweb access log analysis and honeypot observing system,Wamber. Wamber is working for a hosting service providerwho can access to his web site access log and IDS log. Byreceiving real responses from web sites under the hostingservice, it can create dummy interactions suitable for thehoneypot which observe web attacks against the hosting ser-vices. With YNU web hosting service log, we also describe the case study of creating dummy interactions. In our casestudy, we can gain the detail POST data in login requeststo WordPress applications. This helps the hosting service provider understanding attackers malice and preventing fromthe requests as an attack with strong confidence.As future work, we implement Wamber system involve da hosting service. We turn the Wamber cycle and verify the effectiveness. Furthermore, we solve the problems that our sys-tem troubles to good users. The honeypot in Wamber performs web access interactions to lure attackers on the Internet. Thus,we should consider the possibility of our honeypot deceiving even good users.<a href=\"https:\/\/arudhrainnovations.com\/\"> https:\/\/arudhrainnovations.com\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Defending Web Sites Web sites have been great diversity because of theirpurposes and structures today and many web sites are workingon hosting services. A hosting service is one of the networkservices for outsourcing construction and maintenance of theservers. Thus, the&#8230; <a class=\"direadmore\" href=\"https:\/\/arms10.org\/publication\/defending-web-sites\/\"> Continue Reading&#8230;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[70,35],"tags":[33],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v15.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Defending Web Sites - International Conference Publications<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/arms10.org\/publication\/defending-web-sites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Defending Web Sites - International Conference Publications\" \/>\n<meta property=\"og:description\" content=\"Defending Web Sites Web sites have been great diversity because of theirpurposes and structures today and many web sites are workingon hosting services. A hosting service is one of the networkservices for outsourcing construction and maintenance of theservers. Thus, the... Continue Reading&#8230;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/arms10.org\/publication\/defending-web-sites\/\" \/>\n<meta property=\"og:site_name\" content=\"International Conference Publications\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-16T05:42:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-03-16T05:42:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/arms10.org\/publication\/wp-content\/uploads\/2020\/03\/logo_arudhrainnovations.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/arms10.org\/publication\/#website\",\"url\":\"https:\/\/arms10.org\/publication\/\",\"name\":\"International Conference Publications\",\"description\":\"Web Design and Hosting\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/arms10.org\/publication\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/arms10.org\/publication\/defending-web-sites\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/arms10.org\/publication\/wp-content\/uploads\/2020\/03\/logo_arudhrainnovations.png\",\"width\":754,\"height\":506},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/arms10.org\/publication\/defending-web-sites\/#webpage\",\"url\":\"https:\/\/arms10.org\/publication\/defending-web-sites\/\",\"name\":\"Defending Web Sites - International Conference Publications\",\"isPartOf\":{\"@id\":\"https:\/\/arms10.org\/publication\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/arms10.org\/publication\/defending-web-sites\/#primaryimage\"},\"datePublished\":\"2020-03-16T05:42:42+00:00\",\"dateModified\":\"2020-03-16T05:42:44+00:00\",\"author\":{\"@id\":\"https:\/\/arms10.org\/publication\/#\/schema\/person\/09cefbaab3c57b044c39ce0c7bfcc315\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/arms10.org\/publication\/defending-web-sites\/\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/arms10.org\/publication\/#\/schema\/person\/09cefbaab3c57b044c39ce0c7bfcc315\",\"name\":\"Writer\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/arms10.org\/publication\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d842b0618de314aaca09da5e8507652?s=96&d=mm&r=g\",\"caption\":\"Writer\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/posts\/179"}],"collection":[{"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/comments?post=179"}],"version-history":[{"count":1,"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/posts\/179\/revisions"}],"predecessor-version":[{"id":181,"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/posts\/179\/revisions\/181"}],"wp:attachment":[{"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/media?parent=179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/categories?post=179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arms10.org\/publication\/wp-json\/wp\/v2\/tags?post=179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}