Sciweavers

NDSS
2006
IEEE

Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks

14 years 6 months ago
Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks
The custom, ad hoc nature of web applications makes learning-based anomaly detection systems a suitable approach to provide early warning about the exploitation of novel vulnerabilities. However, anomaly-based systems are known for producing a large number of false positives and for providing poor or non-existent information about the type of attack that is associated with an anomaly. This paper presents a novel approach to anomalybased detection of web-based attacks. The approach uses an anomaly generalization technique that automatically translates suspicious web requests into anomaly signatures. These signatures are then used to group recurrent or similar anomalous requests so that an administrator can easily deal with a large number of similar alerts. In addition, the approach uses a heuristics-based technique to infer the type of attacks that generated the anomalies. This enables the prioritization of the attacks and provides better information to the administrator. Our approach ...
William K. Robertson, Giovanni Vigna, Christopher
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where NDSS
Authors William K. Robertson, Giovanni Vigna, Christopher Krügel, Richard A. Kemmerer
Comments (0)