Share Email Print
cover

Proceedings Paper

Data mining approach to web application intrusions detection
Author(s): Arkadiusz Kalicki
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

Web applications became most popular medium in the Internet. Popularity, easiness of web application script languages and frameworks together with careless development results in high number of web application vulnerabilities and high number of attacks performed. There are several types of attacks possible because of improper input validation: SQL injection Cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs and others. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the “normal” or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences, results quite good with medium length sequences, for short length sequences must be complemented with other methods.

Paper Details

Date Published: 7 October 2011
PDF: 11 pages
Proc. SPIE 8008, Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2011, 800817 (7 October 2011); doi: 10.1117/12.905681
Show Author Affiliations
Arkadiusz Kalicki, Warsaw Univ. of Technology (Poland)


Published in SPIE Proceedings Vol. 8008:
Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2011
Ryszard S. Romaniuk, Editor(s)

© SPIE. Terms of Use
Back to Top