학술논문

Sanare: Pluggable Intrusion Recovery for Web Applications
Document Type
Periodical
Source
IEEE Transactions on Dependable and Secure Computing IEEE Trans. Dependable and Secure Comput. Dependable and Secure Computing, IEEE Transactions on. 20(1):590-605 Jan, 2023
Subject
Computing and Processing
Cloud computing
Web services
Containers
Codes
Virtual machining
Distributed databases
Web servers
Intrusion recovery
pattern matching
learning systems
compensating operations
recovery
cloud computing
databases
Language
ISSN
1545-5971
1941-0018
2160-9209
Abstract
Web applications are exposed to many threats and, despite the best defensive efforts, are often successfully attacked. Reverting the effects of an attack on the state of such an application requires a profound knowledge about the application, to understand what data did the attack corrupt. Furthermore, it requires knowing what steps are needed to revert the effects without modifying legitimate data created by legitimate users. Existing intrusion recovery systems are capable of reverting the effects of the attack but they require modifications to the source code of the application, which may be unpractical. We present Sanare , a pluggable intrusion recovery system designed for web applications that use different data storage systems to keep their state. Sanare does not require any modification to the source code of the application or the web server. Instead, it uses a new deep learning scheme that we also introduce in the article, Matchare , that learns the matches between the HTTP requests and the database statements, file system operations, and web service requests that the HTTP requests caused. We evaluated Sanare with three open source web applications: WordPress, GitLab and ownCloud. In our experiments, Matchare achieved precision and recall higher than 97.5% with a performance overhead of less than 18% to the application.