نوع المشرف

مشرف رئيسي

تاريخ الاشراف على الرسالة من

2021

الى

2022

اسم الطالب

عبد الرحمن الشايع

ملخص الرسالة

The ability to offer essential business operations via the Internet provides web services with vulnerabilities that adversaries may exploit. DoS assaults, in particular, may result in financial and reputation losses for online service providers, such as financial and reputation losses for web service providers. Because security must be provided for services to be supplied, even in the face of assault, the software used for service deployment (i.e., the web service framework) must be able to offer a safe environment. The means through which web applications and their users communicate with one another is known as a web service. It is easy to scale web services since they do not rely on specific hardware or software. However, web services’ absence of security protection leaves a hole that attackers may exploit. The HyperText Transfer Protocol (HTTP) and the Simple Object Access Protocol (SOAP) provide web-based services. The Extended Mark-up Language (XML) is a critical component of web services (XML). As a result, web services are particularly susceptible to assaults that use XML as a weapon of mass destruction. Recently, a new XDoS attack targeting web services has appeared, which uses XML as the attack vector instead of plain old HTML. These attacks aim to deplete the system’s resources by delivering malicious XML-encoded SOAP requests. Because these malicious requests are disguised as genuine TCP/IP packets, they go unnoticed at the network or transportation levels of TCP/IP. This article suggests a middleware tool for detecting and preventing XDoS and HTTP flooding attacks on web services. XDoS assaults at the application layer and flooding attacks at the network layer are the program's focus, which aims to identify and mitigate them using the Open System Interconnection (OSI) architecture. In order to identify XDoS assaults, the rule-based technique classifies requests as benign or malicious. Rule-based technology has successfully recognized and blocked XDoS and HTTP flooding assaults such as large payloads, forceful parsing, and external XML elements in near-real time, such as 0.006s across web services, according to the middleware tool’s trial findings. Middleware protects web services against XDoS and distributed XDoS assaults by providing almost 100 percent service availability to routine requests (DXDoS).