Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Dynamically discovering likely program invariants to support program evolution
Proceedings of the 21st international conference on Software engineering
Mining in a data-flow environment: experience in network intrusion detection
KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Learning Fingerprints for a Database Intrusion Detection System
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Detecting Anomalous and Unknown Intrusions Against Programs
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Bayesian Event Classification for Intrusion Detection
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A Stateful Intrusion Detection System for World-Wide Web Servers
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Gray-box extraction of execution graphs for anomaly detection
Proceedings of the 11th ACM conference on Computer and communications security
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Context-sensitive multi-model anomaly detection
Context-sensitive multi-model anomaly detection
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
The Daikon system for dynamic detection of likely invariants
Science of Computer Programming
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
TokDoc: a self-healing web application firewall
Proceedings of the 2010 ACM Symposium on Applied Computing
An empirical investigation into open source web applications' implementation vulnerabilities
Empirical Software Engineering
A distributed multi-approach intrusion detection system for web services
Proceedings of the 3rd international conference on Security of information and networks
Enforcing request integrity in web applications
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Enhancing Intrusion Detection System with proximity information
International Journal of Security and Networks
Toward automated detection of logic vulnerabilities in web applications
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Strengthening XSRF defenses for legacy web applications using whitebox analysis and transformation
ICISS'10 Proceedings of the 6th international conference on Information systems security
Proceedings of the 16th Conference on Pattern Languages of Programs
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
Artificial intelligence and the future of cybersecurity
Proceedings of the 4th ACM workshop on Security and artificial intelligence
BLOCK: a black-box approach for detection of state violation attacks towards web applications
Proceedings of the 27th Annual Computer Security Applications Conference
SENTINEL: securing database from logic flaws in web applications
Proceedings of the second ACM conference on Data and Application Security and Privacy
XSS-Dec: a hybrid solution to mitigate cross-site scripting attacks
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Enemy of the state: a state-aware black-box web vulnerability scanner
Security'12 Proceedings of the 21st USENIX conference on Security symposium
SQL injection detection via program tracing and machine learning
IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
Control-Flow integrity in web applications
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
EARs in the wild: large-scale analysis of execution after redirect vulnerabilities
Proceedings of the 28th Annual ACM Symposium on Applied Computing
LogicScope: automatic discovery of logic vulnerabilities within web applications
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Automated black-box detection of access control vulnerabilities in web applications
Proceedings of the 4th ACM conference on Data and application security and privacy
| Hi-index | 0.00 |
In recent years, web applications have become tremendously popular, and nowadays they are routinely used in security-critical environments, such as medical, financial, and military systems. As the use of web applications for critical services has increased, the number and sophistication of attacks against these applications have grown as well. Most approaches to the detection of web-based attacks analyze the interaction of a web application with its clients and back-end servers. Even though these approaches can effectively detect and block a number of attacks, there are attacks that cannot be detected only by looking at the external behavior of a web application. In this paper, we present Swaddler, a novel approach to the anomaly-based detection of attacks against web applications. Swaddler analyzes the internal state of a web application and learns the relationships between the application's critical execution points and the application's internal state. By doing this, Swaddler is able to identify attacks that attempt to bring an application in an inconsistent, anomalous state, such as violations of the intended workflow of a web application. We developed a prototype of our approach for the PHP language and we evaluated it with respect to several real-world applications.