Adaptive Rule Loading and Session Control for Securing Web-Delivered Services

In this paper, we present Arctic, an adaptive reinforcement learning control technique for Web intrusion check. A rule-based model is designed to describe the requirement of vulnerability detection. The whole validation rule set is divided into multiple sections, and each can be enabled in either in-line control mode or off-line monitoring mode based on the observation and analysis of user behaviors, balancing security and system cost. For the different sizes of in-line validation rules, we use the reinforcement learning technique to adjust the session admission control, maintaining the response time in an acceptable level as well as maximizing the utilization of system resources. We design a runtime protection mechanism using a HTTP session listener and servlet filters in the J2EE container to intercept HTTP requests and responses. Preliminary results of our implementation are presented in this paper.