Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Identification of host audit data to detect attacks on low-level IP vulnerabilities
Journal of Computer Security
Writing Apache Modules with PERL and C
Writing Apache Modules with PERL and C
A network audit system for host-based intrusion detection (NASHID) in Linux
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Anomaly intrusion detection in dynamic execution environments
Proceedings of the 2002 workshop on New security paradigms
Integrated Access Control and Intrusion Detection for Web Servers
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
An anomaly-driven reverse proxy for web applications
Proceedings of the 2006 ACM symposium on Applied computing
Detecting Shrew HTTP Flood Attacks for Flash Crowds
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part I: ICCS 2007
Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Journal of Computer Security - Best papers of the Sec Track at the 2006 ACM Symposium
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Architecture for data collection in database intrusion detection systems
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
METAL – a tool for extracting attack manifestations
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A learning-based approach to the detection of SQL attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Enhancing the accuracy of network-based intrusion detection with host-based context
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
| Hi-index | 0.00 |
This paper describes a new approach to collecting real-time transaction information from a server application and forwarding the data to an intrusion detection system. While the few existing application-based intrusion detection systems tend to read log files, the proposed application-integrated approach uses a module coupled with the application to extract the desired information. The paper describes the advantages of this approach in general, and how it complements traditional network-based and host-based data collection methods. The most compelling benefit is the ability to monitor transactions that are encrypted when transported to the application and therefore not visible to network traffic monitors. Further benefits include full insight into how the application interprets the transaction, and data collection that is independent of network line speed. To evaluate the proposed approach, we designed and implemented a data-collection module for the Apache Web server. Our experiments showed that the required implementation effort was moderate, that existing communication and analysis components could be used without incurring adaptation costs, and that the performance impact on the Web server is tolerable.