Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries

Authors: Giovanni Vigna, Fredrik Valeur, Davide Balzarotti, William Robertson, Christopher Kruegel

DOI: 10.3233/JCS-2009-0321

Keywords: Database, SQL, Web analytics, Web application, Computer security, Database security, Anomaly detection, Web server, False positives and false negatives, Computer science, Web threat

Abstract: Web-based applications have become a popular means of exposing functionality to large numbers of users by leveraging the services provided by web servers and databases. The wide proliferation of custom-developed web-based applications suggests that anomaly detection could be a suitable approach for providing early warning and real-time blocking of application-level exploits. Therefore, a number of research prototypes and commercial products that learn normal usage patterns have been developed. Anomaly detection techniques, however, are prone to both false positives and false negatives. As a result, if anomalous requests are simply blocked, it is likely that some legitimate requests would be denied, resulting in decreased availability. On the other hand, if malicious requests are allowed to access the application's data stored in the back-end database, security-critical information could be leaked to an attacker. To ameliorate this situation, we propose a system composed of a web request anomaly detection system, a reverse HTTP proxy, and a database anomaly detection system. Serially composing the web request anomaly detector with the SQL query anomaly detector increases the detection rate of our system. To address the potential increase in the false positive rate, we leverage the anomaly-driven reverse HTTP proxy to serve anomalous-but-benign requests that do not require access to sensitive information. We developed a prototype and evaluated its applicability with respect to several existing applications, showing that the approach is feasible and effective in reducing

References (20)
Thomas Toth, Christopher Kruegel. Accurate buffer overflow detection via abstract payload execution. Recent Advances in Intrusion Detection, pp. 274-291 (2002). DOI: 10.1007/3-540-36084-0_15
Sin Yeung Lee, Wai Lup Low, Pei Yuen Wong. Learning Fingerprints for a Database Intrusion Detection System. European Symposium on Research in Computer Security, pp. 264-280 (2002). DOI: 10.1007/3-540-45853-0_16
Magnus Almgren, Marc Dacier, Hervé Debar. A Lightweight Tool for Detecting Web Server Attacks. Network and Distributed System Security Symposium (2000).
K. G. Anagnostakis, K. Xinidis, A. D. Keromytis, E. Markatos, S. Sidiroglou, P. Akritidis. Detecting targeted attacks using shadow honeypots. USENIX Security Symposium, p. 9 (2005). DOI: 10.7916/D8WM1PS8
Elvis Tombini, Hervé Debar, Ludovic Mé, Mireille Ducassé. A serial combination of anomaly and misuse IDSes applied to HTTP traffic. Annual Computer Security Applications Conference, pp. 428-437 (2004). DOI: 10.1109/CSAC.2004.4
Ivan Balepin, Sergei Maltsev, Jeff Rowe, Karl Levitt. Using specification-based intrusion detection for automated response. Recent Advances in Intrusion Detection, pp. 136-154 (2003). DOI: 10.1007/978-3-540-45248-5_8
Fredrik Valeur, Darren Mutz, Giovanni Vigna. A learning-based approach to the detection of SQL attacks. International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, pp. 123-140 (2005). DOI: 10.1007/11506881_8
Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation Systems Administration Conference, pp. 229-238 (1999).
Wenke Lee, Wei Fan, Matthew Miller, Salvatore J. Stolfo, Erez Zadok. Toward cost-sensitive modeling for intrusion detection and response. Journal of Computer Security, vol. 10, pp. 5-22 (2002). DOI: 10.3233/JCS-2002-101-202