Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
HASE '08 Proceedings of the 2008 11th IEEE High Assurance Systems Engineering Symposium
Hi-index | 0.00 |
This paper describes a concept of an algorithm, which can be used for automated identification of vulnerable parts of web applications based on increased occurrence of anomalies detected by the anomaly-based IDS (Intrusion Detection System). The output of our anomaly evaluation algorithm can direct security engineers and application developers to those modules of a web application, which are "attractive" for the attackers, or even point to some security vulnerabilities in particular modules of the application. The methods of anomaly detection in HTTP traffic and process of building the model of the application's structure by analysis of requested URLs are also discussed in this paper.