Application for Autonomous Decentralized Multi Layer Cache System to Web Application Firewall

Abstract

Web service demand is heterogeneous and it is expanding day by day. Malicious web attacks particularly at application layer, are also increasing significantly. It is estimated eighty percent (80%) malicious attacks are web application layer attacks such as Cross Site Scripting and SQL injection. Such attacks have affected financial organizations, government institutes, hospitals and enterprise companies and so on. It is required to detect such attacks instantly to maintain the safe operations. Existing Web Application Firewalls (WAF) aim at protection of web application attacks using Black and White list based approach. Black list based WAFs operate at security operation center (SOC) to protect known attacks and it is easy to maintain same black list by other WAF nodes. However, white list independent signature from each Web service and it is generated by each web site policy. When the event of WAF fails, other WAF doesn't have same level of White list at that time. Black list is common type of signature and it can be keep the assurance by multiple WAF nodes or proxy node but White list is individual type of signature and can't maintain assurance by same policy of node. Therefore, to maintain high detection rate, dynamic adaptability of White list is required. It also requires online property and timeliness response. To solve these issues, an integrated Autonomous Decentralized Multi Layer Cache (ADMLC) system with Web Application Firewall is proposed. Evaluation shows that proposed architecture detection rate is much better than other traditional WAF based systems.