The Research On Web Application Firewall Based On Cloud Architecture

The rapid development of computer technology has caused widespread application of web. And the diversity and flexibility of web technology has made attack methods be upgraded quickly. Too many serious security incidents have been reported as a result of web attacks. Web security issues turn out to be a very important part of information security. Traditional web intrusion detection technologies cannot work well when facing attacks such as brute force, web layer denial of service. This paper focus on the detection technology of those kind of attacks, and on using cloud computing platform to obtain high detection efficiency.(1) This paper analyzes the status and trend of the current Web security and study in-depth the main means of Web attacks. And extracts the key features of different mode of attacks by analyzing the characteristics of HTTP data packets and web flow.(2) This paper presents an alive entropy algorithm, which can dig out attack activities in web flow by analyzing the entropy’s change when attacks happening. Experiments show that alive entropy detection algorithm is an effective complement to traditional web intrusion detection technology.(3) This paper realizes a flow cloud computing platform based on Storm, and according to the characteristics of the computing platform and improves the alive entropy algorithm so that it can be used in cloud computing environment. This platform realizes the analysis of real-time detection of web flow and improves the computing speed and processing capacity in web intrusion detection effectively.To sum up the analysis and research above, this paper constructes a web application firewall model based on storm, and verifies its functionality. Experiments show that the model can effectively prevent attacks against web applications and improve the detection efficiency in high flow situations.