%0 Conference Paper %A Ibrahim, B.M. %A Hassan, M.F. %D 2016 %F scholars:6762 %I Institute of Electrical and Electronics Engineers Inc. %K Distributed computer systems; Electronic document exchange; HTTP; Information services; Internet protocols; Network architecture; Network security; Neural networks; Quality of service; Service oriented architecture (SOA); Websites; WSDL; XML, Developing solutions; Enterprise application integration; Machine architectures; Security frameworks; Sensitive informations; Simple object access protocols; SOA Security; Web service description language, Web services %P 24-29 %R 10.1109/ISMSC.2015.7594022 %T A new customizable security framework for preventing WSDL attacks %U https://khub.utp.edu.my/scholars/6762/ %X The Service Oriented Architecture (SOA) has emerged as a dominant paradigm in the recent era for Enterprise Application Integration (EAI). Web Services are the implementation of SOA, where a service is Software component which does a specific functionality and does not depend on the context of other services. These services support distributed functionalities which operate irrespective of machine architectures, operating systems and programming languages; where the data transmission is done through the simple Internet protocols such as HTTP in Web Services. As the data is transferred in XML format which is a plain text, it is prone for attacks. The Web Service Description Language (WSDL) is an XML document that describes the services including their input/output parameters, while Simple Object Access Protocol (SOAP) describes the communication part. The standard SOA does not provide any sufficient security mechanisms for both WSDL and SOAP messages. Through literatures, it has been shown that there is a huge interest in developing solutions for SOAP message level attacks; however, there is not much on WSDL attacks. As a matter of fact, the WSDL attacks are severe in nature which can even halt the entire web services down. An attacker can reveal sensitive information as well as can interpret the list of operations that are provided by the web services. In this paper, the possible WSDL attacks are critically analyzed with their impact. A new SOA security framework which prevents the WSDL attacks and preserves the confidentiality and integrity of transmitted WSDL document is proposed. This framework effectively applies available security standards, and as a novelty it uses Artificial Neural Networks for knowledge acquisition of WSDL attacks dynamically. © 2015 IEEE. %Z cited By 5; Conference of 2015 International Symposium on Mathematical Sciences and Computing Research, iSMSC 2015 ; Conference Date: 19 May 2015 Through 20 May 2015; Conference Code:124374