SAD: web session anomaly detection based on parameter estimation
Web attacks are too numerous in numbers and serious in potential consequences for modern society to tolerate. Unfortunately, current generation signature-based intrusion detection systems (IDS) are inadequate, and security techniques such as firewalls or access control mechanisms do not work well when trying to secure web services. In this paper, we empirically demonstrate that the Bayesian parameter estimation method is effective in analyzing web togs and detecting anomalous sessions. When web attacks were simulated with Whisker software, Snort, a well-known IDS based on misuse detection, caught only slightly more than one third of web attacks. Our technique, session anomaly detection (SAD), on the other hand, detected nearly all such attacks without having to rely on attack signatures at all. SAD works by first developing normal usage profile and comparing the web togs, as they are generated, against the expected frequencies. Our research indicates that SAD has the potential of detecting previously unknown web attacks and that the proposed approach would play a key rote in developing an integrated environment to provide secure and reliable web services. (C) 2004 Elsevier Ltd. All rights reserved.
- Publisher
- ELSEVIER ADVANCED TECHNOLOGY
- Issue Date
- 2004
- Language
- English
- Article Type
- Article
- Citation
COMPUTERS & SECURITY, v.23, no.4, pp.312 - 319
- ISSN
- 0167-4048
- Appears in Collection
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 27 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.