Data Mining Approach to Web Application Intrusions Detection

Arkadiusz Kalicki


Web applications became most popular medium in the Internet. Popularity, easiness of web application script languages and frameworks together with careless development results in high number of web application vulnerabilities and high number of attacks performed. There are several types of attacks possible because of improper input validation: SQL injection Cross-site scripting, Cross-Site Request Forgery (CSRF), web spam in blogs and others. In order to secure web applications intrusion detection (IDS) and intrusion prevention systems (IPS) are being used. Intrusion detection systems are divided in two groups: misuse detection (traditional IDS) and anomaly detection. This paper presents data mining based algorithm for anomaly detection. The principle of this method is the comparison of the incoming HTTP traffic with a previously built profile that contains a representation of the “normal” or expected web application usage sequence patterns. The frequent sequence patterns are found with GSP algorithm. Previously presented detection method was rewritten and improved. Some tests show that the software catches malicious requests, especially long attack sequences, results quite good with medium length sequences, for short length sequences must be complemented with other methods.
Author Arkadiusz Kalicki (FEIT / PE)
Arkadiusz Kalicki,,
- The Institute of Electronic Systems
Book Romaniuk Ryszard (eds.): Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments 2011 (Proceedings Volume), vol. 8008, 2011, SPIE, ISBN 9780819485823, 614 pages; 71 papers; N/A
Languageen angielski
Score (nominal)10
Citation count*1 (2019-12-30)
Share Share

Get link to the record

* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.
Are you sure?