The All-Seeing Eye: A Massive-Multi-Sensor Zero-Configuration Intrusion Detection System for Web Applications
作者: Christoph Pohl , Hans-Joachim Hof
DOI:
关键词:
摘要: Timing attacks are a challenge for current intrusion detection solutions. dangerous web applications because they may leak information about side channel vulnerabilities. This paper presents massive-multi-sensor zero-configuration Intrusion Detection System that is especially good at detecting timing attacks. Unlike solutions, the proposed uses huge number of sensors attack detection. These include automatically inserted into application or frameworks used to build applications. With this approach able detect sophisticated like other brute-force with increased accuracy. The system does not need specific knowledge protect, hence it offers capability.
arxiv.org参考文章(10)
G.E. Liepens, H.S. Vaccaro, Intrusion detection: Its role and validation Computers & Security. ,vol. 11, pp. 347- 355 ,(1992) , 10.1016/0167-4048(92)90175-Q
Wenke Lee, Salvatore J. Stolfo, Data mining approaches for intrusion detection usenix security symposium. pp. 6- 6 ,(1998) , 10.21236/ADA401496
Steven A. Hofmeyr, Stephanie Forrest, Anil Somayaji, Intrusion detection using sequences of system calls Journal of Computer Security. ,vol. 6, pp. 151- 180 ,(1998) , 10.3233/JCS-980109
Animesh Patcha, Jung-Min Park, None, An overview of anomaly detection techniques: Existing solutions and latest technological trends Computer Networks. ,vol. 51, pp. 3448- 3470 ,(2007) , 10.1016/J.COMNET.2007.02.001
Fernando Silveira, Christophe Diot, URCA: Pulling out Anomalies by their Root Causes international conference on computer communications. pp. 722- 730 ,(2010) , 10.1109/INFCOM.2010.5462151
Christopher Kruegel, Giovanni Vigna, Anomaly detection of web-based attacks computer and communications security. pp. 251- 261 ,(2003) , 10.1145/948109.948144
Anil Somayaji, Steven A. Hofmeyr, Thomas A. Longstaff, Stephanie Forrest, A sense of self for Unix processes ieee symposium on security and privacy. pp. 120- 128 ,(1996) , 10.5555/525080.884258
Alessandro Frossi, Federico Maggi, Gian Luigi Rizzo, Stefano Zanero, Selecting and Improving System Call Models for Anomaly Detection Detection of Intrusions and Malware, and Vulnerability Assessment. pp. 206- 223 ,(2009) , 10.1007/978-3-642-02918-9_13
H.S. Javitz, A. Valdes, The SRI IDES statistical anomaly detector ieee symposium on security and privacy. pp. 316- 326 ,(1991) , 10.1109/RISP.1991.130799
D.E. Denning, An Intrusion-Detection Model IEEE Transactions on Software Engineering. ,vol. 13, pp. 222- 232 ,(1987) , 10.1109/TSE.1987.232894