eprintid: 6762 rev_number: 2 eprint_status: archive userid: 1 dir: disk0/00/00/67/62 datestamp: 2023-11-09 16:18:33 lastmod: 2023-11-09 16:18:33 status_changed: 2023-11-09 16:07:36 type: conference_item metadata_visibility: show creators_name: Ibrahim, B.M. creators_name: Hassan, M.F. title: A new customizable security framework for preventing WSDL attacks ispublished: pub keywords: Distributed computer systems; Electronic document exchange; HTTP; Information services; Internet protocols; Network architecture; Network security; Neural networks; Quality of service; Service oriented architecture (SOA); Websites; WSDL; XML, Developing solutions; Enterprise application integration; Machine architectures; Security frameworks; Sensitive informations; Simple object access protocols; SOA Security; Web service description language, Web services note: cited By 5; Conference of 2015 International Symposium on Mathematical Sciences and Computing Research, iSMSC 2015 ; Conference Date: 19 May 2015 Through 20 May 2015; Conference Code:124374 abstract: The Service Oriented Architecture (SOA) has emerged as a dominant paradigm in the recent era for Enterprise Application Integration (EAI). Web Services are the implementation of SOA, where a service is Software component which does a specific functionality and does not depend on the context of other services. These services support distributed functionalities which operate irrespective of machine architectures, operating systems and programming languages; where the data transmission is done through the simple Internet protocols such as HTTP in Web Services. As the data is transferred in XML format which is a plain text, it is prone for attacks. The Web Service Description Language (WSDL) is an XML document that describes the services including their input/output parameters, while Simple Object Access Protocol (SOAP) describes the communication part. The standard SOA does not provide any sufficient security mechanisms for both WSDL and SOAP messages. Through literatures, it has been shown that there is a huge interest in developing solutions for SOAP message level attacks; however, there is not much on WSDL attacks. As a matter of fact, the WSDL attacks are severe in nature which can even halt the entire web services down. An attacker can reveal sensitive information as well as can interpret the list of operations that are provided by the web services. In this paper, the possible WSDL attacks are critically analyzed with their impact. A new SOA security framework which prevents the WSDL attacks and preserves the confidentiality and integrity of transmitted WSDL document is proposed. This framework effectively applies available security standards, and as a novelty it uses Artificial Neural Networks for knowledge acquisition of WSDL attacks dynamically. © 2015 IEEE. date: 2016 publisher: Institute of Electrical and Electronics Engineers Inc. official_url: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84995593506&doi=10.1109%2fISMSC.2015.7594022&partnerID=40&md5=0aa1b32c17b9a35826d0aa694bd10345 id_number: 10.1109/ISMSC.2015.7594022 full_text_status: none publication: 2015 International Symposium on Mathematical Sciences and Computing Research, iSMSC 2015 - Proceedings pagerange: 24-29 refereed: TRUE isbn: 9781479978946 citation: Ibrahim, B.M. and Hassan, M.F. (2016) A new customizable security framework for preventing WSDL attacks. In: UNSPECIFIED.