Title :
Gateway Access Permission Technology for High Assurance
Author :
Mahmood, Khalid ; Takahashi, Hironao ; Arakawa, Yasukai
Abstract :
Application-layer attacks on the Internet are increasing day by day, and this alarming situation has forced organizations to formulate new policies to increase the overall immunity of their systems against the growing nature of these attacks. Published surveys reported that 60-80% of web-based attacks target the application layer and that more than 90% of web applications are vulnerable to these attacks. One such botnet is Gumblar, which has affected many servers across the world. Gumblar scripts are embedded in .html, .js and .php files and infect other .php, .html and .js website files, ultimately leading to the theft of FTP credentials, the rapid infection of other sites visited, and the halting of the victim's machine as well. This paper presents a proxy-server-based Gateway Access Permission system architecture and discusses in detail the light-weight Gateway Access Permission (GAP) technology. GAP counters Gumblar attacks, remote access Trojans, FTP Trojans and zero-byte files through multidimensional strategies to provide full detection and removal functionality. It uses a multi-layered double detection policy to detect Gumblar malware: it decodes and applies predefined functions on various patterns to check for corrupted traces, and it updates and manages a blacklist of corrupted URLs to enhance the organization's internal security. Evaluation results show accurate detection of Gumblar and its both in on-line and off-line mode.
Keywords :
Internet; Web sites; computer crime; computer network security; embedded systems; hypermedia markup languages; internetworking; invasive software; network servers; .html Web site files; .js Web site files; .php Web sites files; Botnet; FTP credentials; FTP trojans; GAP counters Gumblar attacks; GAP technology; Gumblar malwares detection; Gumblar scripts; Internet attacks; Web applications; Web-based attacks; alarming situation; corrupted URL; gateway access permission technology; light-weight-based gateway access permission technology; multidimensional strategies; multilayered double detection policy; off-line mode; on-line mode; organization internal security; proxy server-based gateway access permission system architecture; remote access trojans; zero byte files; HTML; Internet; Logic gates; Servers; Trojan horses; Botnet; GAP; Gumblar; Trojan;
Conference_Title :
Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on
Conference_Location :
Macau
Print_ISBN :
978-1-4673-1423-7
DOI :
10.1109/ICDCSW.2012.64