Two-Step Hierarchical Scheme for Detecting Detoured Attacks to the Web Server
Computer Science and Information Systems, Volume 10 (2013) no. 2.

See the article record from the source: Computer Science and Information Systems website

In this paper, we propose an improved detection scheme to protect a Web server from detoured attacks, which disclose confidential/private information or disseminate malware code through outbound traffic. Our scheme has a two-step hierarchy whose detection methods are complementary to each other. The first step is a signature-based detector that uses Snort and detects the marks of malware dissemination, XSS, URL spoofing and information leakage from the Web server. The second step is an anomaly-based detector that detects attacks by using probability evaluation in an HMM, driven by both payload and traffic characteristics of outbound packets. Through verification analysis in an attacked Web server environment, we show that our proposed scheme improves the False Positive rate and detection efficiency for detecting detoured attacks to a Web server.
Keywords: detection scheme, two-step detection, detoured attack, signature-based, anomaly-based, outbound traffic
@article{CSIS_2013_10_2_a4,
     author = {Byungha Choi and Kyungsan Cho},
     title = {Two-Step {Hierarchical} {Scheme} for {Detecting} {Detoured} {Attacks} to the {Web} {Server}},
     journal = {Computer Science and Information Systems},
     publisher = {mathdoc},
     volume = {10},
     number = {2},
     year = {2013},
     url = {http://geodesic.mathdoc.fr/item/CSIS_2013_10_2_a4/}
}
Byungha Choi; Kyungsan Cho. Two-Step Hierarchical Scheme for Detecting Detoured Attacks to the Web Server. Computer Science and Information Systems, Volume 10 (2013) no. 2. http://geodesic.mathdoc.fr/item/CSIS_2013_10_2_a4/