FIELD: information technology.
SUBSTANCE: invention relates to a method and system for protecting web applications from various attack classes. Method is based on the automatic modeling of the web application operation and includes the following steps: automatic collection of training data on the functioning of the web application, form at least one model of the functioning of the web application by parsing and analyzing the training data obtained in the previous step, detect false positives for rules for detecting attacks on web applications based on training data and generated models of the functioning of the web application, include the mode of protecting the web application, in which they analyze new incoming requests to the web application and its responses, assess the degree of normality or anomaly of these requests, and then make decisions on their further processing.
EFFECT: technical result is to increase the reliability of web applications.
11 cl, 15 dwg
Title | Year | Author | Number |
---|---|---|---|
SYSTEM AND METHOD FOR CHECKING WEB RESOURCES FOR PRESENCE OF MALICIOUS COMPONENTS | 2010 |
|
RU2446459C1 |
METHOD OF INCREASING RELIABILITY OF DETECTING MALICIOUS SOFTWARE | 2012 |
|
RU2485577C1 |
SYSTEM AND METHOD OF DETERMINATION OF DDOS-ATTACKS UNDER FAILURE OF SERVICE SERVERS | 2017 |
|
RU2665919C1 |
DDoS-ATTACKS DETECTION SYSTEM AND METHOD | 2017 |
|
RU2676021C1 |
SYSTEM AND METHOD OF PROCESSING GRAPH DATA | 2015 |
|
RU2708939C2 |
OFFLINE EXECUTION OF WEB BASED APPLICATIONS | 2007 |
|
RU2453911C2 |
SYSTEM AND METHOD OF SETTING SECURITY SYSTEMS UNDER DDOS ATTACKS | 2017 |
|
RU2659735C1 |
METHOD OF ANALYSING AND DETECTING MALICIOUS INTERMEDIATE NODES IN NETWORK | 2012 |
|
RU2495486C1 |
SYSTEM AND METHOD FOR COLLECTING INFORMATION FOR DETECTING PHISHING | 2016 |
|
RU2671991C2 |
SYSTEM AND METHOD FOR OUTSIDE CONTROL OF THE CYBERATTACK SURFACE | 2021 |
|
RU2778635C1 |
Authors
Dates
2018-07-02—Published
2017-01-17—Filed