Behavior-Based Model of Detection and Prevention of Intrusions in Computer Networks - Computer Network Security

Information Technology Reference

In-Depth Information

the start of state machine A HTTP according to the RFC requirements and specific

characteristics of the protected Web-server.

For the sake of simple graphical representations of state-machine modules we will

use the following symbolic notations:

−

A - set of English alphabet letters,

−

N - set of numbers (0 - 9), symbols «.», «#», «?», «/», «%» and underline symbol,

NOP - semantic operator, which doesn't perform any actions,

−

“_” - space symbol,

−

“CRLF” - symbol, which denotes carriage return and line feed.

The description of modules of state machine A HTTP is cited below.

3.1 Module of HTTP-Method Analysis

The module of HTTP-method analysis starts the processing of input symbols of state

machine A HTTP . The module checks that the analyzed HTTP-request is based on one

of the allowed HTTP-methods, which are defined in variable S method . The graph model

of this module is depicted in Fig. 2.

The first module consists of three states s 0 , s 1 , s 2 ∈

S and three semantic operators y 0 ,

y 1 , y 2

Y , that are executed during the transition of the machine from one state to

another. The description of these states and semantic operators of the module is cited in

Table 1.

∈

Fig. 2. The graph model of HTTP-method analysis module of finite state machine A HTTP

Table 1. The description of states and semantic operators of HTTP-method analysis module

State

transition

Transition

condition

Semantic operator, which is

executed during the transition

The first input

symbol is a letter of

English alphabet a ∈ A

The semantic operator y 1 is executed. Operator y 1

clears the value of Z ( Z =“”) and initializes it with

the first input symbol a ∈ A ( Z = a )

Transition

from s 0 to s 1

The semantic operator y 2 is executed. This operator

concatenates the value of Z with the input symbol a

( Z = Z + a )

The input symbol is a

letter of English

alphabet a ∈ A

Transition

from s 1 to s 1

The semantic operator y 2 is executed. Operator

performs the following check. If the value of Z

corresponds to one of elements of S methods then the

subsequent processing of input string is

implemented by the module of URL analysis.

Otherwise the processing of input strings is stopped

because the analyzed HTTP-request contains the

unsupported HTTP-method

Transition

from s 1 to s 2

The input symbol is a

space symbol “_”

Computer Network Security

Search WWH ::

Custom Search

Home