检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:Tomás Sureda Riera Juan Ramón Bermejo Higuera Javier Bermejo Higuera Juan Antonio Sicilia Montalvo José Javier Martínez Herráiz
机构地区:[1]Computer Science Department,University of Alcalá,Madrid,28801,Spain [2]Escuela Superior de Ingeniería y Tecnología,Universidad Internacional de La Rioja,Logrono,26006,Spain
出 处:《Computer Modeling in Engineering & Sciences》2022年第12期579-599,共21页工程与科学中的计算机建模(英文)
摘 要:Web applications represent one of the principal vehicles by which attackers gain access to an organization’s network or resources.Thus,different approaches to protect web applications have been proposed to date.Of them,the two major approaches are Web Application Firewalls(WAF)and Runtime Application Self Protection(RASP).It is,thus,essential to understand the differences and relative effectiveness of both these approaches for effective decisionmaking regarding the security of web applications.Here we present a comparative study between WAF and RASP simulated settings,with the aim to compare their effectiveness and efficiency against different categories of attacks.For this,we used computation of different metrics and sorted their results using F-Score index.We found that RASP tools scored better than WAF tools.In this study,we also developed a new experimental methodology for the objective evaluation ofweb protection tools since,to the best of our knowledge,nomethod specifically evaluates web protection tools.
关 键 词:Web Application Firewall(WAF) Runtime Application Self Protection(RASP) F-Score web attacks experimental methodology
分 类 号:TP3[自动化与计算机技术—计算机科学与技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.7
