Header image  

School of Electrical Engineering and Computer Science

National University of Science and Technology, Pakitan.

 
 
 
 

BACKGROUND
The number of cybercrime threats has grown tremendously due to the significant use of World Wide Web (WWW) by the community, because everyone is getting online now. Recent surveys show that about 80% of Web based attacks are being deployed at the application layer of OSI model and more than 90% of Web applications are vulnerable to these attacks. Network level Firewall, IDS, IPS isn’t enough due to their limitation of not checking HTTP traffic passing through them.


INTRODUCTION
Web Application Security Group (WASG) at NUST-SEECS come up with a solution named Semantic based Application Level Firewall. In it WASG combined the two different domains i.e. security and semantics to provide the solution.


FEATURES

  • Automatic generation of attack signatures
  • Protection for zero day attacks using rule based reasoning
  • Easy update of knowledge base for new attacks

COLLABORATIONS

  1. DTS, Japan
  2. True Meridian, Islamabad
  3. Kualitetam, Lahore

Project Director: Dr. Hafiz Farooq Ahmad

Co - Project Directors: Dr. Khalid Latif, Dr. Fauzan Mirza

Group Members: Muhammad Ali Hur, Abdul Razzaq, Muddassar Masood, Nasir Haider, Syed Mishal Murtaza


ACHIEVEMENTS
  1. “Context Based Application Level Intrusion Detection System by using Bayesian Filter”, 5th International Symposium on High Capacity Optical Network & Enabling Technologies (HONET), 2008. Malaysia
  2.  “Multi-Layered Defense Against Web Application Attacks” The 6th International Conference on Information Technology - New Generations (ITNG) 2009, April 27-29, 2009, Las Vegas, Nevada, USA.
  3. “Ontology Based Application Level Intrusion Detection System by using Bayesian Filter” The 2nd  IEEE International Conference on Computer, Control & Communication (IEEE-IC4) 2009, PNEC Karachi, Pakistan.
  4. “A Semantic Fortress Against Web Application Attacks”. 2009 IEEE/WIC/ACM International Joint Conferences on Web Intelligence and Intelligent Agent Technologies (WI-IAT 2009), 15-18 September 2009, Milano, Italy.