HTTP Requests Research Articles

Attacking Websites: Detecting and Preventing HTTP Request Smuggling Attacks

Until the development of HTTP request smuggling in 2005, individual HTTP requests were considered as independent entities and could not be split or merged. This is a security problem caused by inconsistent content length interpretation approach between web servers, or the web server is not fully implemented in accordance with the RFC standard. It is especially dangerous for web services with complex web architectures. It can route the victims to receive malicious responses, amplify the impact of certain low-threat vulnerabilities, steal user credentials, or bypass network devices’ defenses. However, since its concept and implementation are quite difficult to overcome, it is often ignored by many network administrators, making users who browse such websites vulnerable to the HTTP request smuggling attacks. This paper proposes a general solution to deal with various HTTP request smuggling attacks. A reverse proxy implemented by Flask validates and cleans dubious HTTP requests from the client side and ensures that the original requests comply with RFC standards. Therefore, the website administrators no longer need to configure complicated network settings or customize some open-source project codes to resist or minimize the risk of the HTTP request smuggling attacks. A series of experiments demonstrate that this method is effective and practical.

DualAC2NN: Revisiting and Alleviating Alert Fatigue from the Detection Perspective

The exponential expansion of Internet interconnectivity has led to a dramatic increase in cyber-attack alerts, which contain a considerable proportion of false positives. The overwhelming number of false positives cause tremendous resource consumption and delay responses to the really severe incidents, namely, alert fatigue. To cope with the challenge from alert fatigue, we focus on enhancing the capability of detectors to reduce the generation of false alerts from the detection perspective. The core idea of our work is to train a machine-learning-based detector to grasp the empirical intelligence of security analysts to estimate the feasibility of an incoming HTTP request to cause substantial threats, and integrate the estimation into the detection stage to reduce false alarms. To this end, we innovatively introduce the concept of attack feasibility to characterize the composition rationality of an inbound HTTP request as a feasible attack under static scrutinization. First, we adopt a fast request-reorganization algorithm to transform an HTTP request into the form of interface:payload pair for further alignment of structural components which can reveal the processing logic of the target program. Then, we build a dual-channel attention-based circulant convolution neural network (DualAC2NN) to integrate the attack feasibility estimation into the alert decision, by comprehensively considering the interface sensitivity, payload maliciousness, and their bipartite compatibility. Experiments on a real-world dataset show that the proposed method significantly reduces invalid alerts by around 86.37% and over 61.64% compared to a rule-based commercial WAF and several state-of-the-art methods, along with retaining a detection rate at 97.89% and a lower time overhead, which indicates that our approach can effectively mitigate alert fatigue from the detection perspective.

Detecting Cyber Attacks by Applying MachineLearning Techniques

Because of the growth in cloud services, the growing number of web applications customers, and modifications to network infrastructure that connects devices running several operating systems, cyber security is facing new challenges. For this reason, network security components, sensors and insurance conspiracies must also be developed to meet the needs and concerns of the customers in order to combat new threats. In this post, we focus on combating application layer cyber assaults, which are rankedas the most dangerous threats and the most important test for network and cyber security. Most of this essay focuses on machine learning as a method to cope with model normal use and to detect cyber threats. Chart-based division technique and dynamic programming were used in order to obtain examples in the form of Perl Compatible Regular Expressions (PCRE) ordinary expressions. Information is gathered through HTTP requests made by the client to a web worker, which is used in the model. Using the CSIC 2010 HTTP Dataset, we've been able to demonstrate the effectiveness of our approach.

A Study of Database Connection Pool in Microservice Architecture

The growing number of Internet presents a higher requirement to backend application systems nowadays to be designed to handle thousands of users traffic concurrently. Microservice architecture is also in a rising trend which they allow for each service to scale horizontally by their throughput and load helps to scale the system efficiently without waste of resources like in the traditional monolithic application system. Among the many strategies to optimize delivery, database connection pool helps backend systems to access databases efficiently by reusing database connections, thus eliminating the computationally expensive need to open and close connections with new requests. Additionally, database connection pools can also help improve the connection reliability for applications. This paper aims to determine the most suitable maximum amount of database connections in a microservice setting, where multiple instances of the service are used for scalability and high availability purposes of the system. To tackle the issue of scalability and to achieve high availability of our services, we propose running multiple instances of each of our services in production, especially for services that we anticipate will be hit the most during runtime. This is to allow load balancing of request load between multiple instances and having backup instances to serve HTTP requests when one of the instances is down. The result obtained in this experiment shows that 5 database connections give the best result in microservice settings as described in our methodology.

Threat modelling for serverless architectures identifying and mitigating risks in Function-As-A-Service (FAAS)

One significant method for developing software is Function as a Service (FaaS), which entails making little, tailored functions to deal with particular jobs. Coders put less emphasis on creating full apps and more on creating these functions that are called when certain events or requests come in. If you want to learn about and use Function as a Service, this article is for you. Customers using the serverless approach do not need to reserve hardware resources, which is a departure from the conventional cloud computing service model. Billing is dependent on real resource consumption, and code execution is event-driven (via HTTP requests, cron jobs, etc.). In exchange, the provider is liable for assigning resources and tasks. Serverless is most often seen as a public cloud service, although there are solutions being worked on and supported by strong players in the industry that will enable private cloud serverless platforms to be built. "Function as a Service" (FaaS), the initial serverless offering, has serious flaws that might cancel out any advantages for providers and customers alike, particularly when it comes to providers' capacity to multiplex resources and customers' ability to save money. Providers and tenants alike could save a ton of money and energy if these problems were solved. In order to prevent serverless from becoming the default cloud computing model, this chapter will provide a thorough overview of its limits and highlight state-of-the-art research to address these issues.

Traffic Optimization with Software-Defined Network Controller on a New User Interface

Software-defined networking (SDN) has emerged as a solution to the cumbersome structures of classical computer networks. It separates control and data planes to give independence to devices with respect to either traffic routing or network management. The two isolated planes communicate with each other via the help of software modules, which are located in an SDN controller, such as Floodlight, NOX, or Ryu. In this study, Floodlight is used and an SDN topology with 20 switches is constructed with Python code in Mininet. All algorithms have been coded with Java. The default routing algorithm in Floodlight is Dijkstra’s algorithm. Four different network optimization algorithms, namely Bellman-Ford, Ford-Fulkerson, Auction, and Dual Ascent algorithms, are utilized in ordinary network routing instead of Dijkstra’s algorithm. None of these four algorithms were used in SDN before and network implementations using Ford-Fulkerson, Auction, or Dual Ascent algorithms were scarce in the literature. The results are analyzed with multiple types of normalization on a new user interface communicating with Floodlight part via HTTP requests. There has not been a user interface that performs the same operations in Floodlight. In the future, this study may possibly be improved with considering normalization processes based on various proportions among the metric values and accounting the computational time of the algorithms.

METHODS TO SYNCHRONIZE DATA IN A MICROSERVICE ARCHITECTURE

This article discusses the problem of data synchronization methods using microservice architecture. Microservices is a popular and widespread software architecture today. The article reviews three main ways of interaction of microservices. They are event-based communication, interaction through direct HTTP requests and messaging, and also highlights and analyzes their advantages and disadvantages. The main purpose of the article is to analyze and make offer of the optimal option for solving the problem of synchronizing interacting microservices in real time. The optimal solution involves using the Apache Kafka message broker. It publishes data streams and subscriptions to them, as well as stores and processes them. Mathematical modeling of the proposed data synchronization method was described by constructing its state macine, as well as a system of canonical equations.

Design and Development of Soil Nutrients Level Detection System based on Soil Color and pH for Crop Recommendations using Fuzzy Algorithms

In recent years, modern farmers usually taking a soil sample to the laboratory or using a soil test kit to know soil macronutrients, i.e., nitrogen (N), phosphorus (P), and potassium (K), and pH to determine what kind of crop plant is suitable for their agriculture land. However, these manual methods are costly and time consumed. The characteristic of soil samples also possibly changing by time or contact during transport. This paper presents the design and development of a portable integrated soil macronutrient level and pH detection system that can analyze soil samples quickly. To give crop recommendations, IoT components and cloud-based fuzzy inference systems are used. The fuzzy algorithm decides the crop recommendation from the soil pH and level content of N, P, and K. The user can receive the crop recommendation via the android application. Data is sent from the portable system to the cloud system and vice versa using the internet network with HTTP request protocol. The accuracy test results of system plant decision on agricultural land were compared with the fuzzy logic method have a quite uniform crop output with a small error rate of 1,66%.

Understanding the Practices of Global Censorship through Accurate, End-to-End Measurements

It is challenging to conduct a large scale Internet censorship measurement, as it involves triggering censors through artificial requests and identifying abnormalities from corresponding responses. Due to the lack of ground truth on the expected responses from legitimate services, previous studies typically require a heavy, unscalable manual inspection to identify false positives while still leaving false negatives undetected. In this paper, we propose Disguiser, a novel framework that enables end-to-end measurement to accurately detect the censorship activities and reveal the censor deployment without manual efforts. The core of Disguiser is a control server that replies with a static payload to provide the ground truth of server responses. As such, we send requests from various types of vantage points across the world to our control server, and the censorship activities can be recognized if a vantage point receives a different response. In particular, we design and conduct a cache test to pre-exclude the vantage points that could be interfered by cache proxies along the network path. Then we perform application traceroute towards our control server to explore censors' behaviors and their deployment. With Disguiser, we conduct 58 million measurements from vantage points in 177 countries. We observe 292 thousand censorship activities that block DNS, HTTP, or HTTPS requests inside 122 countries, achieving a 106 false positive rate and zero false negative rate. Furthermore, Disguiser reveals the censor deployment in 13 countries.

Web Application Firewall Using Machine Learning and Features Engineering

Web application security has become a major requirement for any business, especially with the wide web attacks spreading despite the defensive measures and the continuous development of software frameworks and servers. In this study, we present a proposed model for a web application firewall that used machine learning and features engineering to detect common web attacks. Our proposed model analyses incoming requests to the webserver, parses these requests to extract four features that describe completely HTTP request parts (URL, payload, and headers), and classifies whether a request is normal or an anomaly. We took into consideration the limitation of previous works that use URL and payload only in classification and provided five features that describe and summarize all parts of the HTTP request using features engineering and previous experience in the field of the software security domain. Extracted features are length of request, percentage of characters allowed, percentage of special characters, and attack weight. These features were calculated for four different datasets CSIC 2010, HTTPParams 2015, Hybrid dataset (CSIC 2010 and HTTPParams), and real logs for the compromised web server. We evaluated our proposed model by using these updated datasets with four classification algorithms (Naive Bayes, logistic regression, decision tree, and support vector machine) with two methods (train test split and cross-validation) to negate the probability of overfitting and ensure that features are effective. Features values for a normal request are usually short request length, large allowed character ratio, small special character ratio, and zero attack weight or close to zero. Features values for anomaly requests are large request length, small allowed character percentage, large special character percentage, and very large numerically attack weight. Our proposed model achieved a classification accuracy of 99.6% with datasets used in research studies in this field and 98.8% with datasets of real web servers.

Cloud Functions and Serverless Computing

Abstract: Cloud Function in the simplest words is a Function-as-a-Service (FaaS). FaaS is actually a family of the serverless computing category. “Serverless” means that the user can focus on its application logic without dealing with infrastructure at all. Painless development, deployment, and maintenance of a web API is still not a turn-key solution, although modern web application frameworkshave improved dramatically in the last few years. Serverless is without any doubt a game-changer. The event-driven approach combined with a scalable and robust cloud ecosystem offered by the maintop cloud vendors opens endless opportunities. Cloud Functions is Google Cloud’s event-driven serverless compute platform. FaaS is a real NoOpstechnology, it completely abstracts away servers. Cloud Functions are developed with the sole purpose to build event-driven architectures. These can react to events like file changes in storage, messages in the queue, or any HTTP request. Index Terms: Cloud Computing, Serverless Technology, Function as a Service, LambdaFunctions and Functions

Covert Channel Construction Method Based on HTTP Composite Protocols

Aiming at the problems of low concealment of existing storage-type covert channels, high bit error rate, and low transmission rate of time-type covert channels, this paper proposes a method of constructing covert channels based on HTTP protocol combination. The method simulates browser application to send HTTP requests, dynamically distributes HTTP requests to different browsers, embeds hidden information by mathematical combination, and dynamically adjusts access objects, data packet time interval, and data packet length, thus improving the concealment of the channel. At the same time, the channel is based on the reliable transmission inside TCP protocol so that it is not affected by network jitter, thus ensuring the reliability of the channel. Experimental results show that this method can resist the detection method based on application signature, protocol fingerprint detection method, and combination model detection method, and has strong concealment. It can adjust the concealment and channel capacity according to the application scenario.

Development of a semi-structured database for back-analysis of the foundation stiffness of offshore wind monopiles

Offshore wind turbines founded on monopiles are highly dynamic structures in which the stiffness of the soil adjacent to the monopile controls the natural frequency of the structure. As the loading regime and ground conditions surrounding the foundation are subject to considerable uncertainty, adaptable digital twins of the offshore structures are valuable as they allow the use of in-field monitoring data for model updating. As soil conditions and water depths are rarely uniform across a wind farm site, each structure is expected to behave differently. To back-analyse structural performance, geotechnical and structural data needs to be retrieved at every foundation location. A serverless cloud-based application was developed to allow quick and reliable storage and retrieval of geotechnical and structural data. The database was combined with an API layer to allow parametric data retrieval for back-analyses and digital twin updating across an entire wind farm. As the web application is hosted in the cloud, the data can be accessed through simple HTTP requests by authenticated users working offshore, in the office or remote. The performance of this solution is illustrated with a case study in which foundation stiffness across an entire wind farm site is parametrically calculated and updated.

RANCANG BANGUN DAN IMPLEMENTASI WEB SERVICE PADA SISTEM INFORMASI AKADEMIK BERBASIS MOBILE STUDI KASUS DI UNWAHA

One of the implementations of information and communication technology is the information system. University of KH. A. Wahab Hasbullah which already has an Academic Information System (SIA) based on a web platform that can serve the needs of managers, lecturers and students related to academic activities. Students get academic information including study plan card information, study result cards, and other academic information starting with the input of the SIA url on a web browser which is done manually. With this flow, there are still some students who are late to get information about academics.
 The purpose of this study is to identify the application and implementation of a web service in handling data transmission from the client to the server. The mobile-based academic information system application is built using framework7 as a front-end and also acts as a client consumer, the data storage structure in the application uses MySql services as a database to store data and acts as a server, in every relationship between the client to the server is handled by the REST web service which has http request and response protocols. In cross-platform creation, the system has been integrated with a web-view hybrid modeling to support cross-platform, Apache Cordova framework makes it easy to build applications into a mobile form. The final result of this research is the creation of a mobile SIA application along with the implementation of a web service to make it easier for students to obtain information on KRS, KHS, and Heregistration Information at University of KH. A. Wahab Hasbullah.
 Keywords: Web Service, Academic Information Systems, Mobile, Framework7, Apache Cordova.

LEAVE MANAGEMENT SYSTEM USING WEB SERVICE WORKER AND CHUNKING OF IMAGE SUBMISSION

Filing a leave of absence is typical for any employee. Employees may be required to submit applications which must be fully accomplished before approval. The aim of this project is like a document tracking system for leave applications through a web application. A responsive web application for leave management system where the applicant will know the status of his/her request. The administration will then be notified if there are requests submitted to them. What makes this project efficient is the incorporation of the service worker, a cutting-edge technology, in web development. A service worker is a type of web worker. It is essentially a JavaScript file that runs separately from the main browser thread, intercepting network requests, caching or retrieving resources from the cache, and delivering push messages. [1] Since service workers run separately from the main thread, workers are independent of the application they are associated with. Some parts of the project are usable offline using the HTTP request. Since leave applications may have image attachments, this system will make it possible to submit images by chunks. Chunking of images is important because there are instances where uploading may fail due to large files or slow internet connection. The use of web service workers provides the accessibility of the application even offline. While chunking of images makes it possible to submit images even on slow connectivity. The implementation of online leave management is geared toward making leave applications simple and convenient and is readily accessible for both the management and the employee.

Your WAP Is at Risk: A Vulnerability Analysis on Wireless Access Point Web-Based Management Interfaces

This work provides an answer to the following key question: Are the Web-based management interfaces of the contemporary off-the-shelf wireless access points (WAP) free of flaws and vulnerabilities? The short answer is not very much. That is, after performing a vulnerability assessment on the Web interfaces of six different WAPs by an equal number of diverse renowned vendors, we reveal a significant number of assorted medium-to-high severity vulnerabilities that are straightforwardly or indirectly exploitable. Overall, 13 categories of vulnerabilities translated to 28 zero-day attacks are exposed. Our findings range from legacy path traversal, cross-site scripting, and clickjacking attacks to HTTP request smuggling and splitting, replay, denial of service, and information leakage among others. In the worst-case scenario, the attacker can acquire the administrator’s (admin) credentials and the WAP’s Wi-Fi passphrases or permanently lock the admin out of accessing the WAP’s Web interface. On top of everything else, we identify the already applied hardening measures by these devices and elaborate on extra countermeasures that are required to tackle the identified weaknesses. To our knowledge, this work contributes the first wholemeal appraisal of the security level of this kind of Web-based interfaces that go hand in glove with the myriads of WAPs out there, and it is therefore anticipated to serve as a basis for further research in this timely and challenging field.

HTTP request pattern based signatures for early application layer DDoS detection: A firewall agnostic approach

Application Layer DDoS (AL-DDoS) attacks are an extremely dangerous variety of DDoS attacks that started becoming popular recently. They are executed using very few legitimate requests, making them very difficult to detect. Since they are executed using attack generation tools and botnets, AL-DDoS attacks display similarity within a request stream (temporal similarity) and across request streams (spatial similarity). Once a particular request stream has been detected as malicious by an anomaly detection mechanism (ADM), spatial similarity can help in detecting AL-DDoS attacks much earlier by employing a dynamic signature based approach. In this work, we use HTTP request patterns as signatures to build a firewall agnostic Early Detection Module (EDM) for AL-DDoS attacks. We also propose the use of Sample Entropy instead of the popular Shannon’s Entropy to identify AL-DDoS attacks. Sample Entropy is able to model both the frequencies and sequence of data items within a request stream, and is a better indicator of temporal similarity than Shannon’s Entropy. In this work, we demonstrate that Sample Entropy can be used effectively to detect AL-DDoS attacks. With a Sample Entropy based anomaly detection mechanism, we demonstrate that the use of EDM significantly reduces the detection latency for AL-DDoS attacks.

An Attack Detection Framework Based on BERT and Deep Learning

Deep Learning (DL) and Natural Language Processing (NLP) techniques are improving and enriching with a rapid pace. Furthermore, we witness that the use of web applications is increasing in almost every direction in parallel with the related technologies. Web applications encompass a wide array of use cases utilizing personal, financial, defense, and political information (e.g., wikileaks incident). Indeed, to access and to manipulate such information are among the primary goals of attackers. Thus, vulnerability of the information targeted by adversaries is a vital problem and if such information is captured then the consequences can be devastating, which can, potentially, become national security risks in the extreme cases. In this study, as a remedy to this problem, we propose a novel model that is capable of distinguishing normal HTTP requests and anomalous HTTP requests. Our model employs NLP techniques, Bidirectional Encoder Representations from Transformers (BERT) model, and DL techniques. Our experimental results reveal that the proposed approach achieves a success rate over 99.98% and an F1 score over 98.70% in the classification of anomalous and normal requests. Furthermore, web attack detection time of our model is significantly lower (i.e., 0.4 ms) than the other approaches presented in the literature.

A Quantum-Inspired Classifier for Early Web Bot Detection

This paper introduces a novel approach, inspired by the principles of Quantum Computing, to address web bot detection in terms of real-time classification of an incoming data stream of HTTP request headers, in order to ensure the shortest decision time with the highest accuracy. The proposed approach exploits the analogy between the intrinsic correlation of two or more particles and the dependence of each HTTP request on the preceding ones. Starting from the a-posteriori probability of each request to belong to a particular class, it is possible to assign a Qubit state representing a combination of the aforementioned probabilities for all available observations of the time series. By leveraging the underlying mathematical details of superposition and entanglement on specific subsequences, it is possible to devise a measure of membership to each class, thus enabling the system to take a reliable decision when a sufficient level of confidence is met or to continue with additional observations. The results reported in this paper objectively show the effectiveness of our quantum-inspired algorithm which outperforms other state-of-the-art approaches, including our own one based on the Sequential Probability Ratio Test.

Development of a web application for dissemination of educational information

The problem of sharing of educational information and research of components interaction on load distribution from users is considered. Purpose: to implement software to solve this problem. Design a database and project structure. Role-based access to information should be implemented. A user-friendly interface must be created for the software. Develop tests for the program that should be implemented to check the functionality and performance of the program. Use the developed tests to conduct research on load distribution from users. The developed program consists two parts (server and client). They interact using HTTP requests. The server part processes the data and verifies them. The client part receives and provides data to the server part and implements a user-friendly interface. The solution of this problem is implemented in the environments IntelliJ Idea 2020.1 (Ultimate Edition) and WebStorm 2020.1. Java 11 and JavaScript (ECMAScript 6) programming languages were used for implementation. The novelty of the work lies in the development of a program that makes it possible to use the functions necessary for studying at a higher educational institution. For example, providing students with access to study materials, the ability for all users to view their schedule. Instructors can also view the schedule of the groups they teach in the current semester. Each student can revise the teacher's schedule if he teaches at least one subject. Another important function is the management of the structure of the university (management of information about institutes, departments and study groups). We also conducted research on the performance of the program and investigated the possibility of improving the speed of the program in the event of a significant increase in active users.