SPHERES: an efficient server-side web application protection system.

While the web attacks grow in number and manner, the current web protection methods fail to follow this evolution. This paper introduces a new design of a web application protection method called SPHERES. The main idea behind SPHERES is that it is placed in the application server; it intercepts the decrypted traffic, and checks it against a set of filtering rules specific to the requests. This design allows SPHERES to have the most accurate picture of the exchanged traffic, the websites structures and workflows, the user sessions and their states, and the system states. This accurate picture of the total system allows SPHERES to build a protection sphere around the website and checks several types and levels of protections efficiently. In addition to the detection of known attacks, SPHERES is able to detect zero-day attacks at runtime. The performance study of SPHERES shows that it is much better than two famous existing web protection tools.