Protecting a moving target: Addressing web application concept drift

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5758 LNCS, Issue , 2009, Pages 21-40

  Maggi, Federico ^a   Robertson, William ^a   Kruegel, Christopher ^a   Vigna, Giovanni ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Anomaly Detection; Concept Drift; Machine Learning; Web Application Security

Indexed keywords

ANOMALY DETECTION; ANOMALY DETECTION MODELS; ANOMALY MODELS; AUTOMATIC DETECTION; CONCEPT DRIFTS; FALSE POSITIVE; INTRUSION DETECTION SYSTEMS; MACHINE LEARNING TECHNIQUES; MACHINE-LEARNING; MOVING TARGETS; NEW STRUCTURES; NORMAL BEHAVIOR; NOVEL TECHNIQUES; REAL-WORLD APPLICATION; SECURITY OFFICERS; WEB APPLICATION; WEB APPLICATION SECURITY;

COMPUTER CRIME; DETECTORS; LEARNING ALGORITHMS; LEARNING SYSTEMS; NETWORK SECURITY; WEBSITES;

INTRUSION DETECTION;

EID: 76649142367     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-04342-0_2     Document Type: Conference Paper

References (31)

1. Turner, D., Fossi, M., Johnson, E., Mark, T., Blackbird, J., Entwise, S., Low, M.K., McKinney, D., Wueest, C.: Symantec Global Internet Security Threat Report - Trends for July-December 2007. Technical Report XII, Symantec Corporation (April 2008)
2. Shezaf, O., Grossman, J., Auger, R.: Web Hacking Incidents Database (March 2009), http://whid.xiom.org
3. Open Security Foundation: DLDOS: Data Loss Database - Open Source (March 2009), http://datalossdb.org/
4. Cho, S., Cha, S.: SAD: web session anomaly detection based on parameter estimation. In: Computers & Security, vol. 23, pp. 312-319 (2004)
5. Kruegel, C., Robertson, W., Vigna, G.: A Multi-model Approach to the Detection of Web-based Attacks. Journal of Computer Networks 48(5), 717-738 (2005)
6. Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R.A.: Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2006), San Diego, CA, USA (February 2006)
7. Guangmin, L.: Modeling Unknown Web Attacks in Network Anomaly Detection. In: Proceedings of the 3rd International Conference on Convergence and Hybrid Information Technology (ICCIT 2008), Washington, DC, USA, pp. 112-116. IEEE Computer Society, Los Alamitos (2008)
8. Zanero, S., Criscione, C.: Masibty: A Web Application Firewall based on Anomaly Detection. In: DeepSec - In-depth security conference (November 2008)
9. Citrix Systems, Inc.: Citrix Application Firewall (January 2009), http://www.citrix.com/English/PS2/products/product.asp?contentID=25636
10. F5 Networks, Inc.: BIG-IP Application Security Manager (January 2009), http://www.f5.com/products/big-ip/product-modules/application-security-manager. html
11. Breach Security, Inc.: Breach WebDefend (January 2009), http://www.breach.com/products/webdefend.html
12. Axelsson, S.: The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS 1999), pp. 1-7. ACM, New York (1999)
13. Frias-Martinez, V., Stolfo, S.J., Keromytis, A.D.: Behavior-Profile Clustering for False Alert Reduction in Anomaly Detection Sensors. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, CA, USA (December 2008)
14. Escalante, H.J., Fuentes, O.: Kernel Methods for Anomaly Detection and Noise Elimination. In: Proceedings of the International Conference on Computing (CORE 2006), Mexico City, Mexico, pp. 69-80 (2006)
15. Kim, S.i., Nwanze, N.: Noise-Resistant Payload Anomaly Detection for Network Intrusion Detection Systems. In: Proceedings of the Performance, Computing and Communications Conference (IPCCC 2008), Austin, TX, USA, pp. 517-523. IEEE Computer Society, Los Alamitos (2008)
16. Cretu, G.F., Stavrou, A., Locasto, M.E., Stolfo, S.J., Keromytis, A.D.: Casting out Demons: Sanitizing Training Data for Anomaly Sensors. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (S&P 2008), Oakland, CA, USA, pp. 81-95. IEEE Computer Society, Los Alamitos (2008)
17. Song, Y., Stolfo, S., Keromytis, A.: Spectrogram: A Mixture-of-Markov- Chains Model for Anomaly Detection in Web Traffic. In: Proc. of the 16th Annual Network and Distributed System Security Symposium, NDSS (2009)
18. Schlimmer, J., Granger, R.: Beyond incremental processing: Tracking concept drift. In: Proceedings of the Fifth National Conference on Artificial Intelligence, vol. 1, pp. 502-507 (1986)
19. Kolter, J., Maloof, M.: Dynamic weighted majority: An ensemble method for drifting concepts. The Journal of Machine Learning Research 8, 2755-2790 (2007)
20. Hansen, R.: (RSnake): XSS (Cross Site Scripting) Cheat Sheet (June 2009), http://ha.ckers.org/xss.html
21. Mavituna, F.: SQL Injection Cheat Sheet (June 2009), http://ferruh. mavituna.com/sql-injection-cheatsheet-oku/
22. Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering 13(2), 222-232 (1987)
23. Lee, W., Stolfo, S.J.: A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security 3(4), 227-261 (2000)
24. Mutz, D., Valeur, F., Vigna, G., Kruegel, C.: Anomaly system call detection. ACM Transactions on Information and System Security 9(1), 61-93 (2006)
25. Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A Sense of Self for Unix Processes. In: Proceedings of the IEEE Symposium on Security and Privacy (S&P 1996), Oakland, CA, USA, pp. 120-128. IEEE Computer Society, Los Alamitos (1996)
26. Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: Proceedings of the IEEE Symposium on Security and Privacy (S&P 2001), Oakland, CA, USA, pp. 156-168. IEEE Computer Society, Los Alamitos (2001)
27. Maggi, F., Matteucci, M., Zanero, S.: Detecting intrusions through system call sequence and argument analysis. IEEE Transactions on Dependable and Secure Computing 99(1) (5555)
28. Wang, K., Stolfo, S.J.: Anomalous Payload-based Network Intrusion Detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 203-222. Springer, Heidelberg (2004)
29. Wang, K., Parekh, J.J., Stolfo, S.J.: Anagram: A Content Anomaly Detector Resistant to Mimicry Attack. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 226-248. Springer, Heidelberg (2006)
30. Zanero, S.: Analyzing TCP traffic patterns using self organizing maps. In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 83-90. Springer, Heidelberg (2005)
31. Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian Event Classification for Intrusion Detection. In: Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC 2003), Las Vegas, NV, USA. IEEE Computer Society, Los Alamitos (2003)