Connectivity to computer networks, and more particularly to the Internet, revolutionized the manner in which goods and services are provided. Prior to the near-universal connectivity to networks and the Internet, human interaction was typically required to complete transactions, such as purchasing software or providing data in an informational database. Moreover, distribution of some products required a system for packaging and distributing the products to buyers. However, creating a system of distributing software and similar products was typically expensive for providers. Moreover, exchanging large quantities of information through non-computerized means required at least some human involvement and, as a result, was time-consuming and expensive.
While the interconnectivity provided by modern computer networks is generally conducive to allowing computers exchange information, interconnectivity has also made computers more vulnerable to attacks. As those skilled in the art will recognize, these attacks come in many different forms including, but certainly not limited to, computer viruses, computer worms, system component replacements, denial of service attacks, even misuse/abuse of legitimate computer system features—all of which exploit one or more computer system vulnerabilities for illegitimate purposes. While those skilled in the art will realize that the various computer attacks are technically distinct from one another, for purposes of the present invention and for simplicity in description, all malicious computer programs will be generally referred to hereinafter as computer malware, or more simply, malware.
When a computer is attacked or “infected” by computer malware, the adverse results are varied, including disabling system devices; erasing or corrupting firmware, applications, or data files; transmitting potentially sensitive data to another location on the network; shutting down the computer; or causing the computer to crash. Yet another pernicious aspect of many, though not all, computer malware is that an infected computer is used to infect other computers.
One system that facilitates the communication of data between network computers, using protocols developed for the Internet, is a Web service. Those skilled in the art and others will recognize that a Web service refers to a software system with a network accessible interface that performs actions on behalf of other software systems. A Web service is typically accessed using standard protocols such as the Simple Object Access Protocol (“SOAP”). A software system located on a remote computer may interact with a Web service in a manner prescribed by definitions that are provided in a service description which defines the methods for communicating with the Web service. Also, interactions between software systems typically occur using Extensible Markup Language (“XML”) based messages exchanged via Internet-based protocols, such as the HyperText Transfer Protocol (“HTTP”). For example, one way to communicate with a Web service is using the Web Services Description Language (“WSDL”) which is in XML-based language that is used to describe a Web service as a set of endpoints. In this way, a Web service may expose processes to remote software systems for accessing data or executing operations on a computer, or a cluster of computers, that provides the Web service. Typically, a Web service supports interactions with other software systems at a specified location on a network that may be identified using a Uniform Resource Indicator (“URI”). A Web service allows developers to use different operating systems and programming languages for communicating between software systems. Moreover, processes provided by a Web service are accessible, for example, by exchanging XML data through a Web interface. As a result, different programs may be combined in a loosely coupled manner to achieve complex operations.
Unfortunately, an entity that makes requests to a Web service (hereinafter referred to as a “service requester” or a “requestor computer”) may be able to generate one or more messages that have malicious effects. Stated differently, computers that provide a Web service are susceptible to malware generated by services requestors. For example, a malware author may pass a validly formed request to a Web service that causes a denial of service attack, due to the computational complexity of parsing the XML grammar in the request on a server computer. As mentioned previously, this type of misuse/abuse of legitimate computer system features—that causes a negative effect on the computer receiving the transmission is categorized as malware in the present application. Those skilled in the art and others will recognize that computers and networks need certain resources to operate, such as network bandwidth, memory, disk space, and access to a central processing unit (“CPU”), etc. In a denial of service attack, a request is made to a Web service that is designed to consume and overwhelm scarce resources on the computer that provides the Web service. As a result, other service requestors are denied, or have limited access to, the Web service that is being attacked. Those skilled in the art and others will recognize that a denial of service attack is just one example of a way in which computers that provide a Web service may be attacked by malware generated in a request to the Web service.