Verification of web content integrity: detection and recovery security approach using colored petri nets

Автор: Sherin Hijazi, Amjad Hudaib

Журнал: International Journal of Computer Network and Information Security @ijcnis

Статья в выпуске: 10 vol.10, 2018 года.

Бесплатный доступ

This paper focuses on the design model verification processes to reduce modification cost after the software is delivered. We proposed a new design flow of web content integrity to protect web security by using colored petri nets simulation. The method covers the design process from the firewall stage to the recovery stage. In the proposed solution, the model verified the integrity of web content through detection tampering and recovery web content processes. Furthermore, the specification formally verifies the model checking technique by colored Petri nets formalism. Finally, the model is simulated by colored petri nets to insure the correct behavior of the designed web content integrity model.

Еще

Verification, Firewall, Web Content integrity, CPNs tool

Короткий адрес: https://sciup.org/15015635

IDR: 15015635 | DOI: 10.5815/ijcnis.2018.10.01

Список литературы Verification of web content integrity: detection and recovery security approach using colored petri nets

A. Kapravelos, Y. Shoshitaishvili, M. Cova, C. Kruegel, and G. Vigna. 2013. “Revolver: An automated approach to the detection of evasive web-based malware”. In Proceedings of the 22nd USENIX Security Symposium, August 14–16, 2013, Washington, D.C., USA ISBN 978-1-931971-03-4.
Á. Sobrinho, A. Perkusich, L. Silva, and P. Cunha. 2014. “Using Colored Petri Nets for the Requirements Engineering of a Surface Electrogastrography System”. IEEE, 978-1-4799-4905-2/14/$31.00 ©2014 IEEE.
B. Agarwal. 2013. “Transformation of UML Activity Diagrams into Petri Nets for Verification Purposes”. International Journal Of Engineering And Computer Science ISSN: 2319-7242 Volume 2 Issue 3 March 2013 Page No. 798-805.
B. Barzegar and H. Motameni. 2011. “Modeling and Simulation Firewall Using Colored Petri Net”. World Applied Sciences Journal 15 (6): 826-830, 2011 ISSN 1818-4952 © IDOSI Publications, 2011.
D. Reddy, and S. Reddy. 2015. “Detecting Attacks and Protecting From single To Multi Level application”. International Journal of Advanced Technology in Engineering and Science, Volume No.03, Issue No. 01, pp 478 – 484.
E. Mirzaeian, H. Motameni, S. G. Mojaveri, and A. Farahi. 2010. “An optimized approach to generate object oriented software test case by Colored Petri Net”. 2nd International Conference on Software Technology and Engineering (ICSTE), 9 78-1-4244-8666-3/10/$26.00 2010 IEEE.
G. Stringhini, C. Kruegel, and G. Vigna. 2013. “Shady paths: leveraging surfing crowds to detect malicious web pages”. CCS ’13, November 4–8, 2013, pages 133–144. Berlin,Germany. Copyright2013ACM978-1-4503-2477-9/13/11. http://dx.doi.org/10.1145/2508859.2516682.
H. Shahriar, S. North, and W. Chen. 2013. “early Detection of SQL Injection Attacks”. International Journal of Network Security & Its Applications, Vol.5, No.4, pp 53 -65, DOI: 10.5121/ijnsa.2013.5404.
I. Grobelna, R. Wisniewski, M. Grobelny, and M. Wisniewska. 2016. “Design and Veriﬁcation of Real-Life Processes with Application of Petri Nets”. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2168-2216, 2016 IEEE.
Jose-Inacio Rocha, Luıs Gomes, and Octavio Pascoa Dias. 2011. “Dataﬂow Model Property Veriﬁcation Using Petri net Translation Techniques”. IEEE, 978-1-4577-0434-5/11/$26.00 ©2011 IEEE.
K. Md. Nur. 2011. “Formal Verification of Requirements Engineering Of Road Traffic Control System Using Petri Nets”. Bangladesh Research Publications Journal, ISSN: 1998-2003, Volume: 5, Issue: 4, Page: 402-411, July -August, 2011.
K. Sacha. 1998. “Safety verification of software using structured Petri nets”. Ehrenberger W. (eds) Computer Safety, Reliability and Security Springer, Berlin, Heidelberg. vol 1516, https://doi.org/10.1007/3-540-49646-7_26, ISBN 978-3-540-65110-9
L. Peterson. 1977. “Petri Nets”. Computing Surveys, Vol 9, No. 3, September 1977.
L. Silva, A. Perkusich. 2005. “Composition of software artifacts modelled using Colored Petri nets”. Science of Computer Programming 56 (2005) 171–189, 0167-6423/$ - see front matter © 2004 Elsevier B.V. All rights reserved. doi:10.1016/j.scico.2004.11.011.
L. Zhua and W. Wang. 2012. “UML Diagrams to Hierarchical Colored Petri Nets: An Automatic Software Performance Tool”. International Workshop on Information and Electronics Engineering (IWIEE), 1877-7058 © 2011 Published by Elsevier Ltd, doi:10.1016/j.proeng.2012.01.373.
Madhusudanan. J, Anand. P, Hariharan. S, and V. Prasanna Venkatesan. 2014. “Verification of Generic Ubiquitous Middleware for Smart Home Using Coloured Petri Nets”. I.J. Information Technology and Computer Science, 2014, 10, 63-69, DOI: 10.5815/ijitcs.2014.10.09.
M. Siebert, and J. Flochová. 2013. “PNets - the Verification Tool based on Petri Nets”. World Congress on Engineering 2013 Vol I, WCE 2013, July 3 - 5, 2013, London, U.K.
Org Desel J. and JuhG. 2001. “What Is a Petri Net?”. Informal Answers for the Informed Reader of the series Lecture Notes in Computer Science, Volume 2128, pp 1-25.
P. Bon, and S. Collart-Dutilleu. 2013. “From a Solution Model to a B Model for Verification of Safety Properties”. Journal of Universal Computer Science, vol.19, no. 1(2013), 2-24.
Sh. Aljawarneh, Ch. Laing, and P. Vickers. 2007. “Verification of Web Content Integrity: A new approach to protecting servers against tampering”. http://nrl.northumbria.ac.uk/456, ISBN: 1-9025-6016-7 © 2007 PGNet.
S. Kumar. 1995. “Classification and Detection of Computer Intrusions”. Phd thesis Department of Computer Sciences, vol. 19, no. 8, pp. 21-71, 1995.
S. Hidhaya, and A. Geetha. 2012. “Intrusion Protection against SQL Injection Attacks Using a Reverse Proxy”. Recent Trends in Computer Networks and Distributed Systems Security Communications in Computer and Information Science, Volume 335, pp 252-263, DOI: 10.5121/csit.2012.2314.
T. Mule, A. Mahajan, S. Kamble, and O. Khatavkar. 2014. “Intrusion Protection against SQL Injection and Cross Site Scripting Attacks Using a Reverse Proxy”. (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 5 (3), 2014, 2846-2850, ISSN: 0975-9646.
Sherin Hijazi, Amjad Hudaib. 2017. “Using Petri Nets to Verify Design Model: A Survey”. 2017 International Conference on Computational Science and Computational Intelligence (CSCI'17), IEEE proceeding, DOI: 10.1109/CSCI.2017.174.
Sherin Hijazi, Mahmoud Moshref and Saleh Al-Sharaeh. 2017. “Enhanced AODV Protocol for Detection and Prevention of Blackhole Attack in Mobile Ad Hoc Network”. International Journal of Computers and Technology, ISSN 2277 – 3061, Volume 16 Number 1, pp 7535 - 7547.
T. Murata. 1989. “Petri Nets: Properties, Analysis and Applications”. IEEE, Proceedings of the IEEE, VOL. 77, NO. 4, APRIL 1989.
W. Chun-jian, L. Yong-zhi, and X. Fan. 2012. “An Improved Modeling Method Based on Colored Petri Net”. International Conference on Applied Physics and Industrial Engineering, 1875-3892 © 2011 Published by Elsevier B.V. Selection and/or peer-review under responsibility of ICAPIE Organization Committee. doi:10.1016/j.phpro.2012.02.168.
W. Win, and H. Htun. 2014. “Detection of SQL Injection Attacks by Combining Static Analysis and Runtime Validation”. International Conference on Advances in Engineering and Technology, Volume 3, Number 20 , pp 95-99 .
X. Li, and D. Li. 2014. “A Network Attack Model based on Colored Petri Net”. Journal of Networks, vol. 9, no. 7, July 2014.
Y. Harie, and K. Wasaki. 2016. “Formal Verification of Safety Testing for Remote Controlled Consumer Electeonics Using the Petri Net Tool: HiPS”. IEEE 5th Global Conference on Consumer Electronics, 978- 1 -5090-2333-2/16.
Y. Xu. 2011. “Modeling and Analysis of Security Protocols Using Colored Petri Nets”. Journal of Computers, vol. 6, No. 1, January 2011, doi:10.4304/jcp.6.1.19-27.
Z. Xiao-yu, Y. Zhi-jie, and L. Jing-yang. 2016. “Test Generation Approach based on Colored Petri Net of Mode Transition in On-board Subsystem”. Proceedings of the 35th Chinese Control Conference July 27-29, 2016, Chengdu, China.

Еще

Статья научная