SAD: web session anomaly detection based on parameter estimation

Authors: Sanghyun Cho, Sungdeok Cha

DOI: 10.1016/J.COSE.2004.01.006

Keywords:

Abstract: Web attacks are too numerous in number and too serious in their potential consequences for modern society to tolerate. Unfortunately, current-generation signature-based intrusion detection systems (IDS) are inadequate, and security techniques such as firewalls or access control mechanisms do not work well when trying to secure web services. In this paper, we empirically demonstrate that the Bayesian parameter estimation method is effective in analyzing web logs and detecting anomalous sessions. When attacks were simulated with the Whisker software, Snort, a well-known IDS based on misuse detection, caught only slightly more than one third of the attacks. Our technique, session anomaly detection (SAD), on the other hand, detected nearly all of them without having to rely on attack signatures at all. SAD works by first developing a normal usage profile and then comparing logs, as they are generated, against the expected frequencies. Our research indicates that SAD has the potential to detect previously unknown attacks, and that the proposed approach would play a key role in an integrated environment to provide reliable
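As an added illustration, not code from the paper, here is a minimal version of the profile-then-compare idea the abstract describes: per-request probabilities are estimated from constructed normal sessions with a Dirichlet-smoothed multinomial (the posterior mean, one simple Bayesian parameter estimate; the paper's actual estimator and features are not given on this page), and new sessions are scored against those expected frequencies. The session data, the prior, the unknown-request bucket and the margin-based alert threshold are all assumptions made for the example.

```python
from collections import Counter
from math import log

# Constructed normal sessions: each is the ordered list of paths one client
# requested, standing in for sessions reconstructed from a web server log.
NORMAL_SESSIONS = [
    ["/", "/login", "/account", "/logout"],
    ["/", "/search", "/item/1", "/cart", "/checkout"],
    ["/", "/search", "/item/2", "/item/3", "/cart"],
    ["/", "/login", "/account", "/search", "/item/1"],
]
UNKNOWN = "<unknown>"  # bucket for any path never seen during profiling


def build_profile(sessions, alpha=1.0):
    """Normal usage profile: probability of each request path.

    Posterior mean of a multinomial under a symmetric Dirichlet(alpha) prior,
    i.e. (count + alpha) / (total + alpha * k). The prior keeps a little mass
    on UNKNOWN so unseen paths get a finite, low probability (assumption).
    """
    counts = Counter(path for s in sessions for path in s)
    total = sum(counts.values())
    vocab = sorted(counts) + [UNKNOWN]
    denom = total + alpha * len(vocab)
    return {p: (counts.get(p, 0) + alpha) / denom for p in vocab}


def session_score(session, profile):
    """Mean negative log-probability per request: how surprising the session
    is relative to the expected frequencies (higher means more unusual)."""
    nll = -sum(log(profile.get(p, profile[UNKNOWN])) for p in session)
    return nll / len(session)


def threshold(sessions, profile, margin=0.5):
    """Alert threshold: worst score seen on the normal sessions plus a margin.
    The margin is a tuning assumption, not a value from the paper."""
    return max(session_score(s, profile) for s in sessions) + margin


def is_anomalous(session, profile, thr):
    return session_score(session, profile) > thr


if __name__ == "__main__":
    prof = build_profile(NORMAL_SESSIONS)
    thr = threshold(NORMAL_SESSIONS, prof)
    # Constructed: a session requesting paths that normal users never visit.
    probe = ["/", "/probe-1", "/probe-2", "/probe-3", "/probe-4"]
    for s in (["/", "/search", "/cart"], probe):
        print(s, round(session_score(s, prof), 3), is_anomalous(s, prof, thr))
```

Scores are on the same scale for every session regardless of length, so a single threshold learned from the profiling data can be applied as sessions complete.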
