Anomaly detection of web-based attacks

12 years 3 months ago
Anomaly detection of web-based attacks
Web-based vulnerabilities represent a substantial portion of the security exposures of computer networks. In order to detect known web-based attacks, misuse detection systems are equipped with a large number of signatures. Unfortunately, it is difficult to keep up with the daily disclosure of web-related vulnerabilities, and, in addition, vulnerabilities may be introduced by installation-specific web-based applications. Therefore, misuse detection systems should be complemented with anomaly detection systems. This paper presents an intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against web servers and web-based applications. The system correlates the serverside programs referenced by client queries with the parameters contained in these queries. The application-specific characteristics of the parameters allow the system to perform focused analysis and produce a reduced number of false positives. The system derives automatic...
Christopher Krügel, Giovanni Vigna
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CCS
Authors Christopher Krügel, Giovanni Vigna
Comments (0)