Using Generalization and Characterization Techniques in the Anomaly-based Detection of Web Attacks

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2006

Volumn , Issue , 2006, Pages

  Robertson, William ^a   Vigna, Giovanni ^a   Kruegel, Christopher ^a   Kemmerer, Richard A ^a  

^a University of California   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALY DETECTION;

ANOMALY BASED DETECTION; ANOMALY DETECTION SYSTEMS; CHARACTERIZATION TECHNIQUES; EARLY WARNING; FALSE POSITIVE; GENERALISATION; WEB APPLICATION; WEB APPLICATIONS; WEB ATTACKS; WEB-BASED ATTACKS;

NETWORK SECURITY;

EID: 83455223163     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. M. Almgren, H. Debar, and M. Dacier. A Lightweight Tool for Detecting Web Server Attacks. In Proceedings of the ISOC Symposium on Network and Distributed Systems Security, San Diego, CA, February 2000.
2. M. Almgren and U. Lindqvist. Application-Integrated Data Collection for Security Monitoring. In Proceedings of Recent Advances in Intrusion Detection (RAID), LNCS, pages 22–36, Davis, CA, October 2001. Springer.
3. C. Warrender and S. Forrest and B.A. Pearlmutter. Detecting Intrusions using System Calls: Alternative Data Models. In IEEE Symposium on Security and Privacy, pages 133–145, 1999.
4. K. Coar and D. Robinson. The WWW Common Gateway Interface, Version 1.1. Internet Draft, June 1999.
5. Common Vulnerabilities and Exposures. http://www.cve.mitre.org/, 2005.
6. D.E. Denning. An Intrusion Detection Model. IEEE Transactions on Software Engineering, 13(2):222–232, February 1987.
7. S. Forrest. A Sense of Self for UNIX Processes. In Proceedings of the IEEE Symposium on Security and Privacy, pages 120–128, Oakland, CA, May 1996.
8. A.K. Ghosh, J. Wanken, and F. Charron. Detecting Anomalous and Unknown Intrusions Against Programs. In Proceedings of the Annual Computer Security Application Conference (ACSAC’98), pages 259–267, Scottsdale, AZ, December 1998.
9. C. Ko, M. Ruschitzka, and K. Levitt. Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 175–187, Oakland, CA, May 1997.
10. C. Kruegel, T. Toth, and E. Kirda. Service Specific Anomaly Detection for Network Intrusion Detection. In Symposium on Applied Computing (SAC). ACM Scientific Press, March 2002.
11. th ACM Conference on Computer and Communication Security (CCS’03), pages 251–261, Washington, DC, October 2003. ACM Press.
12. W. Lee, S. Stolfo, and P. Chan. Learning Patterns from Unix Process Execution Traces for Intrusion Detection. In Proceedings of the AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, July 1997.
13. th International Conference on Knowledge Discovery and Data Mining, pages 376–385, 2002.
14. V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, January 1998.
15. L. Portnoy, E. Eskin, and S. Stolfo. Intrusion Detection with Unlabeled Data Using Clustering. In Proceedings of ACM CSS Workshop on Data Mining Applied to Security, Philadelphia, PA, November 2001.
16. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA’99 Conference, Seattle, WA, November 1999.
17. A. Stolcke and S. Omohundro. Inducing Probabilistic Grammars by Bayesian Model Merging. In Conference on Grammatical Inference, 1994.
18. th International Symposium on Recent Advances in Intrusion Detection, pages 54–73, Zurich, Switzerland, October 2002.
19. E. Tombini, H. Debar, L. Me, and M. Ducasse. A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic. In Proceedings of the Twentieth Annual Computer Security Applications Conference, Tucson, Arizona, December 2004.
20. Thomas Toth and Christopher Kruegel. Accurate Buffer Overflow Detection via Abstract Payload Execution. In 5th Symposium on Recent Advances in Intrusion Detection (RAID), 2002.
21. G. Vigna, W. Robertson, V. Kher, and R.A. Kemmerer. A Stateful Intrusion Detection System for World-Wide Web Servers. In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2003), pages 34–43, Las Vegas, NV, December 2003.
22. Giovanni Vigna, William Robertson, and Davide Balzarotti. Testing Network-based Intrusion Detection Signatures Using Mutant Exploits. In 11th ACM Conference on Computer and Communications Security (CCS), 2004.
23. th ACM Conference on Computer and Communications Security, pages 255–264, Washington DC, USA, November 2002.