الفهرس 
الغلافOnly 14 pages are availabe for public view
 |  | from | 191 |  |  |
| | | from | 191 | | |
Abstract
Web applications are designed to allow any user with a web browser and an internet connection to interact with them in a platform independent way. They are typically constructed in a two- or three-tiered architecture consisting of at least an application running on a web server, and a back-end database. Both components may have trust assumptions about their respective environments. The application may be designed with the assumption that users will only enter valid input as the programmer intended, in terms of both input values and ways of entering input. The backend database may be set up with the assumption that the application will only send it authorized queries for the active user, in terms of both the types of actions the queries perform and the ranges of tuples the queries act on. All of these assmnptions, if not checked properly, risk being violated, by malicious users.
In this thesis, we propose a model for detection and prevention of SQL injection attack. This model depends on fmgerprinting the normal behavior of web application. This is done through applying Apriori algorithm on database audit log file. Before this step, queries in audit log file are encoded in XML file. Apriori algorithm is applied using XQuery. The model combines the misuse and anomaly detection techniques. Each query sent from the user is checked against rules extracted from the audit file in anomaly detection phase. If the query passes this step, the structure of the query will be checked against corresponding queries stored in XML file during the mIsuse detection phase.
We also provided III this thesis, an intrusion detection model that detects SQL injection and cross site script attack through analysis of web log files. First we provided a new way for preprocessing of web log files to make them ready for applying data mining techniques. We integrated data from two log file format: W3C format and NCSA common format into one XML file format and then we processed them to eliminate noisy data. We also presented how the preprocessing process for intrusion detection is different from preprocessing for web mining. The proposed intrusion detection model combines the power of misuse and anomaly detection techniques. The intrusion detection model reports entries in log file that contain attacks, anomalous users and the pages that result in continuous errors to enhance their performance.
Experiments are conducted for the model and the intrusion detection model and the results are recorded. Experiments illustrates that our proposed model and model are able to detect SQL injection and cross site script attacks and with affordable range of false positive rate.