Journal
Scientific and Technical Journal of Information Technologies, Mechanics and Optics
UDK
Issue:2 (126)
Download PDF0 Kbyte
SEARCH METHODS FOR ABNORMAL ACTIVITIES OF WEB APPLICATIONS
Annotation
Subject of Research. The paper presents a review of existing detection methods for abnormal activities of web applications. Comparative characteristics are given. Priorities for improving information security tools in web applications are shown. Method. For evaluation of search methods for abnormal activities of web applications, criteria for selecting indicators were defined. Particular attention was paid to such indicators as: the launching speed of web applications after loading, web application responsiveness to user actions and the number of abnormal activities found in comparison with the number of malfunctions found. Three methods of searching for abnormal activities were compared: statistical code scanning, dynamic code scanning and network traffic monitoring. We considered advantages and disadvantages of each method and implementation examples. Main Results. It is shown that the dynamic method of searching for abnormal activities has the best characteristics. The method provides the identification of anomalies associated with traffic transfer and anomalies that occur during the local operation of web applications. The method is implemented as a code analyzer built into the browser engine. The analyzer checks all calls of the web application to the engine and detects abnormal activity based on such calls. In contrast to static scanning, dynamic scanning identifies anomalies in Web Workers, WebAssembly and in the parts of code that are downloaded over the network after the application starts. Practical Relevance. The work can be useful to information security specialists who deal with the problems of protecting web applications, as well as programmers and system administrators at application creation and implementation stage. The results of the work can find practical use in the development of web applications, browsers, and information protection software.
Keywords
Постоянный URL
Articles in current issue
- ANALYTICAL REVIEW OF METHODS FOR EMOTION RECOGNITION BY HUMAN FACE EXPRESSIONS
- PULSED LASER DEPOSITION OF ALUMINUM NITRIDE THIN FILMS ONTO SAPPHIRE SUBSTRATES
- DIFFUSE REFLECTION ELECTRON SPECTROSCOPY IN STUDY OF BLOOD SERUM WITH MULTIPLE MYELOMA
- AMBER IDENTIFICATION BY FOURIER TRANSFORM–RAMAN SPECTROSCOPY
- PARAMETER SETTING OF PILOT BEHAVIORAL DYNAMIC MODEL IN AIRCRAFT CONTROL LOOP
- CURRENT TRENDS IN DEVELOPMENT AND PRODUCTION OF NANOSCALE DRUG DELIVERY SYSTEMS
- DENIAL-OF-SERVICE ATTACK ANALYSIS BY MQTT PROTOCOL
- TESTING OF MULTITHREADED APPLICATIONS WITH LOCKS ON NON-ATOMIC VARIABLES
- SEARCH METHODS FOR ABNORMAL ACTIVITIES OF WEB APPLICATIONS
- DYNAMICS OF CENTRALITY MEASURES OF RANDOM GRAPH MATHEMATICAL MODELS
- METHOD OF TOPOLOGICAL ROUGHNESS OF DYNAMIC SYSTEMS: APPLICATIONS TO SYNERGETIC SYSTEMS
- HEAT EXCHANGER FOR NEUTRON THERMALIZATION DEVICE INBEAM RESEARCH VESSEL REACTOR
- SIMULATION OF ELECTRONIC EQUIPMENT THERMAL REGIME BASED ON THERMAL IMAGING RESULTS OF ELEMENT TEMPERATURE FIELDS
- СALCULATION OF THERMOPHYSICAL PROPERTIES OF SLAB LASER MULTI-COMPONENT GAS MEDIUM
- MODELING OF WINDING PROCESSOF COMPOSITE CYLINDRICAL SHELLS
- RESEARCH OF ELECTRIC DRIVE SYSTEMS WITH REAL TIME SOFTWARE CONFIGURABLE CONTROL
- NEURAL NETWORK APPLICATION FOR DETECTION OF ROAD ACCIDENTS