• DocumentCode
    1666153
  • Title

    Detection of Web-based attacks through Markovian protocol parsing

  • Author

    Estévez-Tapiador, Juan M. ; García-Teodoro, Pedro ; Díaz-Verdejo, JesÙs E.

  • Author_Institution
    Dept. of Comput. Sci., University Carlos III Madrid, Spain
  • fYear
    2005
  • Firstpage
    457
  • Lastpage
    462
  • Abstract
    This paper presents a novel approach based on the monitoring of incoming HTTP requests to detect attacks against Web servers. The detection is accomplished through a Markovian model whose states and transitions between them are determined from the specification of the HTTP protocol while the probabilities of the symbols associated to the Markovian source are obtained during a training stage according to a set of attack-free requests for the target server. The experiments carried out show a high detection capability with low false positive rates at reasonable computation requirements.
  • Keywords
    Internet; Markov processes; hypermedia; telecommunication security; transport protocols; HTTP protocol; Markovian protocol parsing; Web servers attack detection; target server; Computer science; Computerized monitoring; Information resources; Information security; Internet; Intrusion detection; Payloads; Protocols; Telematics; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computers and Communications, 2005. ISCC 2005. Proceedings. 10th IEEE Symposium on
  • ISSN
    1530-1346
  • Print_ISBN
    0-7695-2373-0
  • Type

    conf

  • DOI
    10.1109/ISCC.2005.51
  • Filename
    1493766
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1666153