anomaly_signatures - Using Generalization and...

Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks

William Robertson, Giovanni Vigna, Christopher Kruegel, and Richard A. Kemmerer
Reliable Software Group
Department of Computer Science
University of California, Santa Barbara
{wkr,vigna,chris,kemm}@cs.ucsb.edu

Abstract

The custom, ad hoc nature of web applications makes learning-based anomaly detection systems a suitable approach to provide early warning about the exploitation of novel vulnerabilities. However, anomaly-based systems are known for producing a large number of false positives and for providing poor or non-existent information about the type of attack that is associated with an anomaly.

This paper presents a novel approach to anomaly-based detection of web-based attacks. The approach uses an anomaly generalization technique that automatically translates suspicious web requests into anomaly signatures. These signatures are then used to group recurrent or similar anomalous requests so that an administrator can easily deal with a large number of similar alerts. In addition, the approach uses a heuristics-based technique to infer the type of attacks that generated the anomalies. This enables the prioritization of the attacks and provides better information to the administrator. Our approach has been implemented and evaluated experimentally on real-world data gathered from web servers at two universities.

1. Introduction

In the past ten years, the World-Wide Web has evolved from a system to provide access to static information into a full-fledged distributed execution infrastructure. Web-based applications have become a popular way to provide access to services and dynamically-generated information. The popularity of web-based applications, such as online shopping catalogs and web-based discussion forums, is a result of the ease of development, deployment, and access of this class of applications. Even network devices and traditional applications (such as mail servers) often provide web-based interfaces that are used for administration as well as configuration.

Unfortunately, while the developers of the software infrastructure (that is, the developers of web servers and database engines) usually have a deep understanding of the security issues associated with the development of critical software, the developers of web-based applications often have little or no security skills. These developers mostly focus on the functionality for the end-user and often work under stringent time constraints, without the resources (or the knowledge) necessary to perform a thorough security analysis of the application code. The result is that poorly-developed code, riddled with security flaws, is deployed and made accessible to the whole Internet.
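As an added illustration (not code from the paper or its authors), the sketch below shows the abstract's idea of turning anomalous requests into signatures that group similar alerts and carry an inferred attack type. The skeleton rule, the regex heuristics, the length threshold and the sample alerts are all assumptions constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics for this sketch; the paper's own rules are not on this page.
HEURISTICS = [
    ("sql_injection", re.compile(r"'|--|\bunion\b.+\bselect\b", re.I)),
    ("xss", re.compile(r"<\s*script|javascript:", re.I)),
    ("directory_traversal", re.compile(r"\.\.[/\\]")),
]
OVERFLOW_LEN = 256  # assumed cut-off for a suspiciously long value


def skeleton(value):
    """Generalize a value: digit runs -> '0', letter runs -> 'a', the rest kept."""
    value = re.sub(r"\d+", "0", value)
    return re.sub(r"[A-Za-z]+", "a", value)


def classify(value):
    """Return the first matching attack class, else a length-based guess."""
    for name, pattern in HEURISTICS:
        if pattern.search(value):
            return name
    return "buffer_overflow" if len(value) > OVERFLOW_LEN else "unknown"


def group_alerts(alerts):
    """Map (path, parameter, value skeleton) -> alert count and inferred class."""
    groups = defaultdict(lambda: {"count": 0, "attack": "unknown"})
    for url, param in alerts:
        parts = urlsplit(url)
        query = dict(parse_qsl(parts.query, keep_blank_values=True))
        value = query.get(param, "")
        sig = (parts.path, param, skeleton(value))
        groups[sig]["count"] += 1
        groups[sig]["attack"] = classify(value)
    return dict(groups)


# Constructed alerts: (request URL, parameter the anomaly detector flagged).
ALERTS = [
    ("/shop/item.php?id=1'%20OR%20'1'='1", "id"),
    ("/shop/item.php?id=42'%20OR%20'7'='7", "id"),
    ("/forum/post.php?msg=%3Cscript%3Ealert(1)%3C/script%3E", "msg"),
    ("/view.php?file=../../../../etc/passwd", "file"),
    ("/view.php?file=../../../../etc/shadow", "file"),
    ("/login.php?user=" + "A" * 400, "user"),
]

if __name__ == "__main__":
    for (path, param, shape), info in group_alerts(ALERTS).items():
        print(f"{info['count']}x {info['attack']:<20} {path} {param}={shape[:40]}")
```

Six alerts collapse into four groups, so an administrator triages one entry per signature instead of one per request.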