Information Technology Reference
In-Depth Information
Fig. 1.
The structure of finite state machine
A
HTTP
, designed for the detection of network attacks
on Web-servers
During the analysis of HTTP-requests state machine
A
HTTP
uses the following
auxiliary variables:
−
S
methods
- one-dimensional string array with the list of allowed HTTP-methods,
L
URL
- numeric variable, that specifies the maximum allowed length of the URL
(for example “www.mati.ru/scripts/example.exe” is an URL in the following
HTTP-request “http://www.mati.ru/scripts/example.exe”),
−
−
S
URL
- one-dimensional string array with list of resources, stored on Web-server
(this array can represent both static and dynamic Web-environment because of the
ability to use regular expressions),
−
L
NQuery
- numeric variable, that specifies the maximum allowed number of
parameters in a HTTP-query (for example “?var1=test1&var2=test2” is query in
the
following
request
“http://www.mati.ru/scripts/example.exe?var1=test1&
var2=test2”),
−
L
VarLength
- numeric variable, that specifies the maximum length of a variable name
being passed via a HTTP-query (for example “var1” and “var2” are variable names
in the following request “http://www.mati.ru/scripts/example.exe?var1=test1&
var2=test2”),
−
L
ValLength
- numeric variable, that specifies the maximum length of the data being
supplied for a specific variable (for example “test1” and “test2” are variable data
entries in the following request “http://www.mati.ru/scripts/example.exe?
var1=test1&var2=test2”),
−
L
NHeaders
- numeric variable, that specifies the maximum allowed number of
headers in HTTP-request,
−
S
Versions
- one-dimensional string array, that contains the list of HTTP protocol
versions, supported by the protected Web-server,
−
S
Headers
- one-dimensional string array with the list of allowed HTTP-headers,
−
Z
- temporary string variable, which is used for the storage of HTTP-request
fragments,
−
i
,
j
,
k
- temporary numeric variables, that are used as counters.
The variables
Z
,
i
,
j
and
k
are initialized automatically during the work of state
machine
A
HTTP
, whereas all other variables should be initialized by the operator before