Title :
Data processing and anomaly detection in web-based applications
Author :
Sriraghavan, Rajagopal G. ; Lucchese, Luca
Author_Institution :
Cypress Semicond., Beaverton, OR
Abstract :
Web applications are popular attack targets. Misuse detection systems use signature databases to detect known attacks. However, it is difficult to keep the database up to date with the rate of discovery of vulnerabilities. Such systems also cannot detect zero-day attacks. By contrast, anomaly detection systems learn the normal behavior of the system and monitor its activity to detect any deviations from the normal. Any such deviations are flagged as anomalous. This paper presents an anomaly detection system for web-based applications. The anomaly detection system monitors the attribute-value pairs of successful HTTP requests received by webserver applications and automatically creates parameter profiles. It then uses these profiles to detect anomalies in the HTTP requests. Customized profiles help reduce the number of false positives. Automatic learning ensures that the system can be used with different kinds of web application environments, without the necessity for manual configuration.
Keywords :
Internet; data analysis; hypermedia; security of data; HTTP requests; Web-based applications; anomaly detection; data processing; misuse detection systems; signature databases; webserver applications; zero-day attacks; Computerized monitoring; Condition monitoring; Data mining; Data processing; Databases; Helium; Information analysis; Intrusion detection; Payloads; Statistical analysis;
Conference_Title :
Machine Learning for Signal Processing, 2008. MLSP 2008. IEEE Workshop on
Conference_Location :
Cancun
Print_ISBN :
978-1-4244-2375-0
Electronic_ISBN :
1551-2541
DOI :
10.1109/MLSP.2008.4685477