ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

SEARCH METHODS FOR ABNORMAL ACTIVITIES OF WEB APPLICATIONS

Journal: Scientific and Technical Journal of Information Technologies, Mechanics and Optics (Vol.20, No. 2)

Publication Date:

Authors : ;

Page : 233-242

Keywords : abnormal activity; browser; browser engine; web applications; JavaScript engine; traffic analysis between client and server; static code analysis; dynamic code analysis; search for abnormal activities;

Source : Downloadexternal Find it from : Google Scholarexternal

Abstract

Subject of Research.The paper presents a review of existing detection methods for abnormal activities of web applications. Comparative characteristics are given. Priorities for improving information security tools in web applications are shown. Method.For evaluation of search methods for abnormal activities of web applications, criteria for selecting indicators were defined. Particular attention was paid to such indicators as: the launching speed of web applications after loading, web application responsiveness to user actions and the number of abnormal activities found in comparison with the number of malfunctions found. Three methods of searching for abnormal activities were compared: statistical code scanning, dynamic code scanning and network traffic monitoring. We considered advantages and disadvantages of each method and implementation examples. Main Results.It is shown that the dynamic method of searching for abnormal activities has the best characteristics. The method provides the identification of anomalies associated with traffic transfer and anomalies that occur during the local operation of web applications. The method is implemented as a code analyzer built into the browser engine. The analyzer checks all calls of the web application to the engine and detects abnormal activity based on such calls. In contrast to static scanning, dynamic scanning identifies anomalies in Web Workers, WebAssembly and in the parts of code that are downloaded over the network after the application starts. Practical Relevance. The work can be useful to information security specialists who deal with the problems of protecting web applications, as well as programmers and system administrators at application creation and implementation stage. The results of the work can find practical use in the development of web applications, browsers, and information protection software.

Last modified: 2020-04-14 22:35:40