Research On Intrusion Detection Techniques Of Web Service Composition Based On BPEL

Abstract SOA is always based on web service technology. However, web service technologyhas a lot of vulnerabilities. The WS-security standard built by IBM and Microsoft provides thesafety on confidentiality, integrity and identity authentication, but they are not able to guaranteethe full safety of web service. Nowadays, web service composition is always used to provide richfunctions, and BPEL has become the actual standard in web service composition due to thesupport of industrial circles, but malicious user may alter the business process by altering theBPEL document. Thus it makes sense to research web service security by validating whetheruser behavior corresponds to the business process described by the BPEL document.On the one hand, the BPEL document describes the format of web service composition andthe interaction processing of protocol among the businesses. On the other hand, the BPELdocument arranges the steps of the business process and defines the entry point of the businessprocess, so the BPEL document is the key point of web service composition. All the operationscan be extracted through the analysis of the BPEL document. At the same time, the parameterspassed by the operations and the logical relationship among the entire operations can also beextracted. Then a directed acyclic graph is generated with operations extracted as its nodes. Thegraph’s edges are created according to the relationship among the operations. The parameterspassed among the operations are regarded as the weight of the edges. Then the structure activitiesof the BPEL document are changed into nodes called And, Or and Repeatable, and they areinserted into the graph. After that, a new directed acyclic graph is generated and it is calledoperation request graph. The operation request graph is regarded as the profile of the anomalydetection model. While user behavior goes against the profile, the behavior is defined as illegal.Anomaly detection technology is fast to detect user behavior with lower false positive rate, soit’s adaptive to detect multitudinous network user behavior. This method forces the users toexecute business processes according to the BPEL document, so it enhances the security of webservice composition. Finally, the functional tests prove that this method can improve the securityof web service composition.