Data Mining Approach to Web Application Intrusions Detection
AbstractWeb applications became most popular medium in the Internet. Popularity, easiness of web application script languages and frameworks together with careless development results in high number of web application vulnerabilities and high number of attacks performed. There are several types of attacks possible because of improper input validation: SQL injection Cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs and others. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the “normal” or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences, results quite good with medium length sequences, for short length sequences must be complemented with other methods.
|Book||Romaniuk Ryszard (eds.): Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2011 (Proceedings Volume), vol. 8008, 2011, SPIE, ISBN 9780819485823, 614 pages; 71 papers; N/A|
|Citation count*||1 (2019-12-30)|
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.