6 October 2011 Data mining approach to web application intrusions detection
Proceedings Volume 8008, Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2011; 800817 (2011) https://doi.org/10.1117/12.905681
Event: Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2011, 2011, Wilga, Poland
Abstract
Web applications have become the most popular medium on the Internet. The popularity and ease of use of web application scripting languages and frameworks, together with careless development, result in a high number of web application vulnerabilities and a high number of attacks. Several types of attack are possible because of improper input validation: SQL injection, cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs, and others. To secure web applications, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are used. Intrusion detection systems are divided into two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents a data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the “normal” or expected web application usage sequence patterns. The frequent sequence patterns are found with the GSP algorithm. The previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences; results are quite good for medium-length sequences, while for short sequences the method must be complemented with other methods.
© (2011) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
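The profile-and-compare principle in the abstract, as an added sketch that is not the paper's code: it mines frequent request sequences level by level in the GSP style (single-item elements, no time constraints) and scores a new session by the share of its 3-request windows missing from the profile. The session data, the 0.75 support threshold, the window length and the scoring rule are all assumptions made for illustration.

```python
def is_subseq(pattern, session):
    """True if pattern occurs in session in order (gaps allowed)."""
    it = iter(session)
    return all(step in it for step in pattern)

def gsp(sessions, min_support, max_len=3):
    """Level-wise frequent-sequence mining; returns {pattern: support}."""
    def support(p):
        return sum(is_subseq(p, s) for s in sessions) / len(sessions)
    items = sorted({x for s in sessions for x in s})
    level = [(i,) for i in items if support((i,)) >= min_support]
    profile = {}
    while level:
        profile.update((p, support(p)) for p in level)
        if len(level[0]) >= max_len:
            break
        # GSP join: p and q combine when p minus its first item equals
        # q minus its last item; infrequent candidates are pruned.
        cands = {p + (q[-1],) for p in level for q in level if p[1:] == q[:-1]}
        level = sorted(c for c in cands if support(c) >= min_support)
    return profile

def anomaly_score(session, profile, k=3):
    """Fraction of length-k windows absent from the profile (assumed rule).
    Returns None when the session is too short to yield a window."""
    windows = [tuple(session[i:i + k]) for i in range(len(session) - k + 1)]
    if not windows:
        return None
    return sum(w not in profile for w in windows) / len(windows)

# Constructed training sessions: each is the ordered list of pages requested.
TRAINING = [
    ["login", "list", "view", "cart", "checkout"],
    ["login", "list", "view", "list", "view", "cart"],
    ["login", "list", "view", "cart", "checkout"],
    ["login", "list", "cart", "checkout"],
]
PROFILE = gsp(TRAINING, min_support=0.75)

if __name__ == "__main__":
    for s in (["login", "list", "view", "cart"],          # expected usage
              ["login", "view", "view", "view", "view"],  # repeated requests
              ["login", "cart"]):                         # too short to judge
        print(s, "->", anomaly_score(s, PROFILE))
```

The `None` result for the two-request session shows concretely why a sequence-pattern profile needs to be complemented by other methods for short sequences.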
Arkadiusz Kalicki, "Data mining approach to web application intrusions detection", Proc. SPIE 8008, Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2011, 800817 (6 October 2011); doi: 10.1117/12.905681; https://doi.org/10.1117/12.905681
PROCEEDINGS
11 PAGES