IMSA'07 IASTED European Conference on Proceedings of the IASTED European Conference: internet and multimedia systems and applications
EurolMSA '07 Proceedings of the Third IASTED European Conference on Internet and Multimedia Systems and Applications
A distributed multi-approach intrusion detection system for web services
Proceedings of the 3rd international conference on Security of information and networks
Security Testing Methodology for Vulnerabilities Detection of XSS in Web Services and WS-Security
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.00 |
Frequency of attacks on web services and resulting damagecontinue to grow as web services become popular.Unfortunately, existing signature-based intrusion detectiontechniques are inadequate in providing reasonable degreeof web security. Web attacks are diverse in nature, and typicalweb architecture consists of complex and hierarchicallyorganized components. Because attack strategies oftenvary depending on the web contents, it is impossible to developfixed patterns capturing unknown attacks. Protectionmechanisms such as anomaly-based intrusion detection andapplication-level IDS, tailored to web services, are neededto detect web attacks. The first step in developing web applicationIDS is to analyze and categorize possible web attacksand vulnerabilities. In this paper, we classify web attacks byanalyzing the root causes and the locations where they occur.This research is useful in developing web IDS modules,tracking emerging trends on web attacks, and testing webapplications against potential vulnerabilities.