Rajesh,Niranjan Page 65
SECURE WEB SERVICES IN MOBILE AGENTS BY USING
HONEYPOT SYSTEM AS INTRUSION DETECTION FOR MANET
RAJESH KUMAR1, PROF. S NIRANJAN2
1Research Scholar, Mewar University, Gangrar, Chittorgarh, Rajasthan-312 901, India
2Professor, Electronics and Communication Engineering Deptt. Mewar University, Gangrar, Chittorgarh,
Rajasthan-312 901, India
Abstract:
Web services are dominating the current web scenario. Web services are independent and autonomous,
designed to perform a specific task with the help of mobile Agents by using Honeypot System as Intrusion
Detection for MANET. Discovery, integration and execution of web services are known as Semantic Web, static
as well as dynamic, in which the results are obtained using the different case studies listed below:
Fake Bank website attracting the attackers.
Providing Greed to Attacker.
Capturing the intruder if he uses SQL Injection on the Login Page.
Here we also emphasize the Secure Semantic Web services, which are an extension of the existing Web
Service with well-defined meaning. The composition of secure semantic web services (SSWS) has received
much interest to support business-to-business or enterprise application integration.
The composition approach used is Orchestration, which deals with describing how a number of
services, two or more, cooperate and communicate with the aim of achieving a common goal. The proposed
work is an ontology-based framework for the automatic composition of Web services [2]. The proposed
technique considers complex composition by including web services with Honeypot IDS multiple inputs in
the composition process.
Keywords:
Mobile Agent (MA), Mobile Adhoc Network (MANET), Secure Semantic Web Service (SSWS), Web
Service Description Language (WSDL), Web Service Integration Gateway (WSIG), Universal Description
Discovery and Integration (UDDI).
I. INTRODUCTION OF WEB SERVICES IN MOBILE AGENTS
The simple Web Service contains these main protocols:
Web Service Protocol Stack
(a) Service Transport
This layer is responsible for transporting messages between applications.
(b) XML messaging
This layer is responsible for encoding messages in a common XML format so that messages
can be understood at either end. Currently, this layer includes XML-RPC and SOAP [2].
(c) Service Description
This layer is responsible for describing the public interface to a specific web service.
Currently, service description is handled via the Web Service Description Language (WSDL).
(d) Service Discovery
This layer is responsible for centralizing services into a common registry, and providing easy
publish/find functionality. Currently, service discovery is handled via Universal Description,
Discovery, and Integration (UDDI).
In this proposed work, I used the WSIG (Web Service Integration Gateway) add-on of the Java Agent
Development framework (JADE), which exposes agent services as Web Services. The main protocols of the
Web Service are already included in this add-on.
The WSIG add-on supports the standard Web services stack, consisting of WSDL for service descriptions,
SOAP message transport and a UDDI repository for publishing Web services. WSIG is a web application
composed of two main elements [3]:
1. WSIG Servlet
2. WSIG Agent
The WSIG Servlet is the front-end towards the internet world and is responsible for:
Serving incoming HTTP/SOAP requests
Extracting the SOAP message
Preparing the corresponding agent action and passing it to the WSIG Agent
Moreover, once the action has been served:
Converting the action result into a SOAP message
Preparing the HTTP/SOAP response to be sent back to the client
The WSIG Agent is the gateway between the Web and the Agent worlds and is responsible for:
Forwarding agent actions received from the WSIG Servlet to the agents actually able to serve them
and getting back responses.
Subscribing to the JADE DF to receive notifications about agent registrations/deregistrations.
Creating the WSDL corresponding to each agent service registered with the DF and publishing the
service in a UDDI registry if needed [3].
Figure 1 Gateway Architecture Overview
1. JADE agents publish their services in the DF (Directory Facilitator), providing a structure called
DF-Agent-Description, defined by FIPA.
2. A DF-Agent-Description includes one or more Service-Descriptions, each one actually describing a
service provided by the registering agent.
3. A Service-Description typically specifies, among others, one or more ontologies that must be known in
order to access the published service.
4. The actions the registering agent is actually able to perform are those defined in the specified
ontologies [4].
In order to expose an agent service as a web service it is sufficient to set the wsig property to true in the
properties of the Service-Description at DF registration time as below:
ServiceDescription sd = new ServiceDescription();
// WSIG properties
sd.addProperties(new Property(WSIG_FLAG, "true"));
Each Service-Description including the wsig property set to true will be mapped to a WSDL [4]. All
actions defined in the ontologies specified in the Service-Description will be mapped to WSDL operations as
depicted in Figure 2.
The agents, and their services, are initially registered with JADE.
// Register into a DF
registerIntoDF();
The agent-based web service protocols:
1. Service Transport
The HTTP protocol is used for transporting messages between the services [5].
2. XML Messaging
This layer is responsible for encoding messages so that messages can be understood at either
end. Currently, this layer includes XML-RPC and SOAP [4].
Figure 2 Agents and Web Service Description linking and registration (diagram labels: Agent, DF Agent Description, Service Description, Ontology with Action-1 … Action-n, WSDL operations Action-1 … Action-n; SOAP request to JADE, SOAP client request converted and solved and again re-converted, JADE to SOAP response)
3. Service Description
This layer is responsible for describing the public interface to a specific web service.
Currently, service description is handled via the Web Service Description Language (WSDL).
Forwarding agent actions received from the WSIG Servlet to the agents actually able
to serve them and getting back responses.
Subscribing to the JADE DF to receive notifications about agent
registrations/deregistration [5].
// Subscribe to the DF
DFAgentDescription template = new DFAgentDescription();
ServiceDescription sd = new ServiceDescription();
sd.addProperties(new Property(WSIG_FLAG, "true"));
template.addServices(sd);
ACLMessage subscriptionMsg =
    DFService.createSubscriptionMessage(this, getDefaultDF(), template, null);
Creating the WSDL corresponding to each agent service registered with the DF and
publishing the service in a UDDI registry if needed [6].
// Create wsdl
JadeToWSDL.createWSDLFromSD(this, sd, wsigService);
// Register wsigService into UDDI
if (uddiManager != null) {
    ServiceKey uddiServiceKey = uddiManager.UDDIRegister(wsigService);
    wsigService.setUddiServiceKey(uddiServiceKey);
}
4. Service Discovery
This layer is responsible for centralizing services into a common registry, and providing easy
publish/find functionality. Currently, service discovery is handled via Universal Description,
Discovery, and Integration (UDDI) [6].
// Create UDDIManager
if (WSIGConfiguration.getInstance().isUddiEnable()) {
    uddiManager = new UDDIManager();
}
II. HONEYPOT SYSTEM INTRUSION DETECTION WITH MOBILE AGENTS USING
WEB SERVICES
A Honeypot has important features such as attracting attackers and securing the network in future. The
system works as a Honeypot, or server, which hosts fake websites and applications that will attract the attacker
or hacker. The websites have no connection with the real world; they are meant only for the attackers [7]. If
the user acts according to the Honeypot then the particular user will be blacklisted. The system belongs to the
research honeypots and is deployed on a real Windows platform. It emulates vulnerable websites, tempting
intruders to attack by providing a large amount of attractive information and exposing vulnerabilities. The proposed
work helps to detect unknown attacks and secure the network in future [7].
Figure 3 Honeypot Network Systems and Their Working
From the above figure it can be seen that a Mobile Ad-hoc Network (MANET) has been created, and in that
network one system acts as our Honeypot System or Server that will attract the attacker by providing
him fake and vulnerable web sites [8]. These sites will provide more and more fake information and disinformation to the
attacker. If a normal user does not find any benefit in those sites then he will close them himself and not continue, so that user will be placed in the whitelist, while a user/attacker who finds that he can hack
or disturb the database in those sites and continues to do so will be blacklisted.
It consists of a log having two database lists:
First (Blacklist): It contains the list of IP blocks from the database and generates the output scheme.
Second (Whitelist): It consists of IP addresses which should never be added (either because you own them or because
they belong to somebody whom you trust a lot) [8].
III. CASE STUDIES AND RESULTS
CASE STUDY: 1 Fake Bank website attracting the attackers.
A bank login page will be shown to the attacker; he uses the hit and trial method and guesses the ID and password.
The Honeypot will provide fake details about some user to show him that his trial or guess was correct and
that he can now make changes or transfer money from that account. At the same time the Honeypot monitors his
activities and blacklists the user [9].
1. When the user enters the correct login and password then he would be directed to his account.
Figure 4 Login Page
The valid user would get the real page of his account and to check whether it is the real page, one can
check the URL of the page where the URL contains the ValidLogin.aspx page which is directly from the Server
[9].
Figure 5 Valid User Page
2. When the attacker tries to guess the password and uses the hit and trial method more than 3 times, he
is directed to a page which is exactly the same as the original valid page, but it can be seen that
the URL is not the same as that of the Valid Login Page. The URL of this page contains hacker.aspx instead of
ValidLogin.aspx.
Figure 6 Hacker Page
Now the attacker can perform any action, such as the Deposit performed below, and a successful transaction
would be shown, but at the same time the information regarding the attacker would be sent to the server page of the
Bank [10].
Figure 7 Deposit Page
Figure 8 Successful Transaction Page
The information about the attacker sent to the server of the Bank is shown below.
Figure 9 Server Page of the Bank
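The routing rule of Case Study 1, combined with the blacklist/whitelist log of Section II, as an added Python example (not the authors' ASP.NET code). Only ValidLogin.aspx, hacker.aspx and the three-guess limit come from the paper; the class, the Login.aspx name, the sample account and the IP ranges are assumptions constructed for illustration.

```python
import hmac
import ipaddress
from collections import defaultdict

MAX_FAILED = 3  # the paper redirects after "more than 3" guesses
WHITELIST = [ipaddress.ip_network("10.0.0.0/24")]  # constructed trusted range
USERS = {"alice": "correct-horse"}                 # constructed account


class DecoyRouter:
    def __init__(self):
        self.failed = defaultdict(int)  # failed guesses per source IP
        self.blacklist = set()
        self.report = []                # events for the bank's server page

    def _trusted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in WHITELIST)

    def login(self, ip, user, password):
        """Return the page this request is routed to."""
        if ip in self.blacklist:
            # Assumption: a flagged source stays on the decoy, even with
            # correct credentials, and every request is reported.
            self.report.append((ip, user, "decoy-session"))
            return "hacker.aspx"
        stored = USERS.get(user)
        if stored is not None and hmac.compare_digest(
                stored.encode(), password.encode()):
            self.failed[ip] = 0
            return "ValidLogin.aspx"
        self.failed[ip] += 1
        # Whitelisted addresses are never added to the blacklist.
        if self.failed[ip] > MAX_FAILED and not self._trusted(ip):
            self.blacklist.add(ip)
            self.report.append((ip, user, "blacklisted"))
            return "hacker.aspx"
        return "Login.aspx"  # hypothetical name for the login form
```

The counter is keyed on source IP, so several users behind one address share a budget of guesses; that trade-off is why the whitelist check comes before the blacklist insert.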
CASE STUDY: 2 Providing Greed to Attacker.
In this case a normal Google page has been created with an attached message saying that anybody who wants to know
the passwords of others should click on the button. After that, some information is gathered from the attacker to
show him that he is using a genuine site [10]. In this way, if the attacker falls into the trap he will be blacklisted. On a
normal Google page with the statement “to know the password of others,” the user who clicks on the button
would be directed to a page to enter the ID.
Figure 10 Google Page
The user enters the ID and would be directed to the error page.
Figure 11 ID page
An error page would be shown to the attacker and at the same time his IP address would be blacklisted [11].
Figure 12 Error Page
CASE STUDY: 3 Capturing the intruder if he uses SQL Injection on the Login Page.
A simple Login Page and a database have been created. If any attacker uses SQL injection or special
characters to get into the database then that particular user will be blacklisted [11].
Figure 13 System Structure of Honeypot System
1. If the user enters a valid Login and ID, he would be directed to the welcome page, as he was not a hacker, and can
continue in his account.
Figure 14 Login Page
The welcome page shown below is for the authorized user [12].
Figure 15 Valid User Page
2. If the attacker uses SQL Injection or special characters then he would be directed to the block page.
Figure 16 Injection Page
Blocked page for the attacker/intruder [12].
Figure 17 Hacker Page
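The check described in Case Study 3, as an added Python example (not the authors' code): the login fields are inspected before the database is touched, the submitted values are captured for analysis, and the lookup itself uses a parameterized query. The pattern set, function names, page labels and the decoy table are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed heuristics for the "special characters" the paper refers to.
SQLI_PATTERNS = [
    re.compile("['\";]"),                                # quote or statement break
    re.compile(r"--|/\*|\*/|#"),                         # SQL comment markers
    re.compile(r"\b(or|and)\b\s+\S+\s*=\s*\S+", re.I),   # tautology, e.g. OR 1=1
    re.compile(r"\bunion\b.+\bselect\b", re.I),
]


def looks_like_sqli(value):
    """Return the patterns that matched; an empty list means clean."""
    return [p.pattern for p in SQLI_PATTERNS if p.search(value)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")  # decoy row
    return db


def handle_login(db, blacklist, captured, ip, login, password):
    """Return 'welcome', 'login' (retry) or 'blocked'."""
    hits = looks_like_sqli(login) + looks_like_sqli(password)
    if ip in blacklist or hits:
        blacklist.add(ip)
        # Keep the full submission: the attack vector is the honeypot's output.
        captured.append({"ip": ip, "login": login,
                         "password": password, "rules": hits})
        return "blocked"
    # Parameterized query: input is bound as data, never spliced into SQL.
    row = db.execute(
        "SELECT 1 FROM users WHERE login = ? AND password = ?",
        (login, password)).fetchone()
    return "welcome" if row else "login"
```

Character-based rules like these also match legitimate passwords that contain quotes or `#`, so they suit a decoy with no real users; on a production login the parameterized query is the control that protects the database.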
IV. CONCLUSION
The proposed Secure Web Services in Mobile Agents using a Honeypot System as Intrusion
Detection for MANET can, from the security perspective, make up for the shortcomings of firewalls
and other IDSs, which is a must for a Mobile Ad-Hoc Network. The Honeypot leads the attacker to attack
particular sites and at the same time monitors the attacker's illegal steps to confirm the attacker's identity. The proposed Secure Web
Services work together with the Honeypot ID system, which causes the attacker's IP address to be blocked from
further access to any site in the MANET, and mainly concern mobile agents. The system obtains complete attack vectors
and grasps the intention of the intruders, which is necessary for secured web services, because if security
exists then clients will have faith in the technology. Nowadays all important activities go through the
Internet. Earlier, the myth was that a scooter cannot work without petrol; in today's scenario, without the Internet we
cannot survive or do our work smoothly, and all aspects of life depend on technology. That is why
security for web services is a must. Moreover, Mobile Agents can clearly find the attack, saving security
researchers the time spent reading log files and tracking intruders. Such a Honeypot with mobile Agents, with its main
emphasis on security, could be a valuable tool for securing web applications, since web applications are certain
to continue to be attractive targets. The results are also shown on different devices, which proves that it will
work on the MANET efficiently.
REFERENCES
[1] A. Doan, J. Madhavan, R. Dhamankar, P. Domingos, and A. Halevy (2003), “Learning to Match Ontologies
on the Semantic Web”, VLDB Journal, Special Issue on the Semantic Web.
[2] B. Arpinar, B. Aleman-Meza, R. Zhang, A. Maduko (2004). “Ontology-Driven Web Services Composition
Platform”. In IEEE International Conference on E-Commerce Technology (CEC'04), San Diego, California,
USA, July 6-9, pp. 146-152.
[3] Biswanath Dutta (2008). “Semantic Web Services: A Study of Existing Technologies, Tools and Projects”
DESIDOC Journal of Library & Information Technology, 28(3), pp. 47-55.
[4] P.Rajasekaran, J. Miller, K. Verma, A. Sheth (2013), Enhancing Web Services Description and Discovery to
Facilitate Composition, International Workshop on Semantic Web Services and Web Process Composition.
[5] Rao, J., et al. (2013), “A Mixed Initiative Approach to Semantic Web Service Discovery and Composition:
SAP's Guided Procedures Framework”, in The IEEE Intl Conf on Web Services (ICWS'13).
[6] Swapna Oundhakar, Kunal Verma, Kaarthik Sivashanmugam, Amit Sheth, John Miller (2013), “Discovery
of Web Services in a Multi-Ontology and Federated Registry Environment” International Journal of Web
Services Research, 1 (3).
[7] Kyi Lin Kyaw, Department of Engineering Physics, Mandalay Technological University, Pathein Gyi,
Mandalay, “Hybrid Honeypot system for network Security”, World Academy of Science, Engineering and
Technology 48, 2011.
[8] Wikipedia, en.wikipedia.org/wiki/wireless_network.
[9] Sebring, Michael M., and Whitehurst, R. Alan, “Expert Systems in Intrusion Detection: A Case Study”, The
31th National Computer Security Conference, October, 2010.
[10] Thomas M. Chen and John Buford, “Design Considerations for a honeypot for SQL Injection Attacks”,
LCN Workshop on Security in communications Networks, Switzerland; 20-23 October 2010.
[11] Wei Huang and Jiao Ma, “High-Interaction Honeypot System for SQL Injection Analysis”, International
Conference of Information Technology, 2011.
[12] Paramjeet Rawat, Sakshi Goel, Megha Agarwal and Ruy Singh, “Securing WMN using Hybrid Honeypot
System”, International Journal of Distributed and Parallel Systems (IJDPS), May 2012.