DoubleGuard: Detecting intrusions in multitier web applications

IEEE Transactions on Dependable and Secure Computing

Volumn 9, Issue 4, 2012, Pages 512-525

  Le, Meixing ^a   Stavrou, Angelos ^a   Kang, Brent Byunghoon ^a  

^a George Mason University   (United States)

Author keywords

Anomaly detection; multitier web application.; virtualization

Indexed keywords

ANOMALY DETECTION; BEHAVIORAL RESEARCH; DATABASE SYSTEMS; NETWORK SECURITY; VIRTUAL REALITY; VIRTUALIZATION; WEBSITES;

APPLICATION FRONT ENDS; BACK-END DATABASE; INTERNET SERVICES; NETWORK BEHAVIORS; PERSONAL INFORMATION; SYSTEM DEPLOYMENT; TRAINING SESSIONS; WEB APPLICATION;

WEB SERVICES;

EID: 84861175145     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2011.59     Document Type: Article

References (52)

1. SANS, "The Top Cyber Security Risks," http://www.sans.org/top- cyber-security-risks/, 2011.
2. National Vulnerability Database, "Vulnerability Summary for CVE-2010-4332," http://web.nvd.nist.gov/view/vuln/detail? vulnId= CVE-2010-4332, 2011.
3. National Vulnerability Database, "Vulnerability Summary for CVE-2010-4333," http://web.nvd.nist.gov/view/vuln/detail? vulnId=CVE-2010-4333, 2011.
4. Autobench, http://www.xenoclast.org/autobench/, 2011.
5. "Common Vulnerabilities and Exposures," http://www.cve. mitre. org/, 2011.
6. "Five Common Web Application Vulnerabilities," http://www. symantec.com/connect/articles/five-common-web-applicationvulnerabilities, 2011.
7. greensql, http://www.greensql.net/, 2011.
8. httperf, http://www.hpl.hp.com/research/linux/httperf/, 2011.
9. httpload, http://www.acme.com/software/http-load/, 2011.
10. Joomla cms, http://www.joomla.org/, 2011.
11. Linux-vserver, http://linux-vserver.org/, 2011.
12. metasploit, http://www.metasploit.com/, 2011.
13. nikto, http://cirt.net/nikto2, 2011.
14. Openvz, http://wiki.openvz.org, 2011.
15. Seleniumhq, http://seleniumhq.org/, 2011.
16. sqlmap, http://sqlmap.sourceforge.net/, 2011.
17. "Virtuozzo Containers," http://www.parallels.com/products/ pvc45/, 2011.
18. "Wordpress," http://www.wordpress.org/, 2011.
19. "Wordpress Bug," http://core.trac.wordpress.org/ticket/5487, 2011.
20. C. Anley, "Advanced Sql Injection in Sql Server Applications," technical report, Next Generation Security Software, Ltd., 2002.
21. K. Bai, H. Wang, and P. Liu, "Towards Database Firewalls," Proc. Ann. IFIP WG 11.3 Working Conf. Data and Applications Security (DBSec '05), 2005.
22. B.I.A. Barry and H.A. Chan, "Syntax, and Semantics-Based Signature Database for Hybrid Intrusion Detection Systems," Security and Comm. Networks, vol. 2, no. 6, pp. 457-475, 2009.
23. D. Bates, A. Barth, and C. Jackson, "Regular Expressions Considered Harmful in Client-Side XSS Filters," Proc. 19th Int'l Conf. World Wide Web, 2010.
24. M. Christodorescu and S. Jha, "Static Analysis of Executables to Detect Malicious Patterns," Proc. Conf. USENIX Security Symp., 2003.
25. M. Cova, D. Balzarotti, V. Felmetsger, and G. Vigna, "Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications," Proc. Int'l Symp. Recent Advances in Intrusion Detection (RAID '07), 2007.
26. H. Debar, M. Dacier, and A. Wespi, "Towards a Taxonomy of Intrusion-Detection Systems," Computer Networks, vol. 31, no. 9, pp. 805-822, 1999.
27. V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna, "Toward Automated Detection of Logic Vulnerabilities in Web Applications," Proc. USENIX Security Symp., 2010.
28. Y. Hu and B. Panda, "A Data Mining Approach for Database Intrusion Detection," Proc. ACM Symp. Applied Computing (SAC), H. Haddad, A. Omicini, R.L. Wainwright, and L.M. Liebrock, eds., 2004.
29. Y. Huang, A. Stavrou, A.K. Ghosh, and S. Jajodia, "Efficiently Tracking Application Interactions Using Lightweight Virtualization," Proc. First ACM Workshop Virtual Machine Security, 2008.
30. H.-A. Kim and B. Karp, "Autograph: Toward Automated Distributed Worm Signature Detection," Proc. USENIX Security Symp., 2004.
31. C. Kruegel and G. Vigna, "Anomaly Detection of Web-Based Attacks," Proc. 10th ACM Conf. Computer and Comm. Security (CCS '03), Oct. 2003.
32. S.Y. Lee, W.L. Low, and P.Y. Wong, "Learning Fingerprints for a Database Intrusion Detection System," ESORICS: Proc. European Symp. Research in Computer Security, 2002.
33. Liang and Sekar, "Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers," SIGSAC: Proc. 12th ACM Conf. Computer and Comm. Security, 2005.
34. J. Newsome, B. Karp, and D.X. Song, "Polygraph: Automatically Generating Signatures for Polymorphic Worms," Proc. IEEE Symp. Security and Privacy, 2005.
35. B. Parno, J.M. McCune, D. Wendlandt, D.G. Andersen, and A. Perrig, "CLAMP: Practical Prevention of Large-Scale Data Leaks," Proc. IEEE Symp. Security and Privacy, 2009.
36. T. Pietraszek and C.V. Berghe, "Defending against Injection Attacks through Context-Sensitive String Evaluation," Proc. Int'l Symp. Recent Advances in Intrusion Detection (RAID '05), 2005.
37. S. Potter and J. Nieh, "Apiary: Easy-to-Use Desktop Application Fault Containment on Commodity Operating Systems," Proc. USENIX Ann. Technical Conf., 2010.
38. W. Robertson, F. Maggi, C. Kruegel, and G. Vigna, "Effective Anomaly Detection with Scarce Training Data," Proc. Network and Distributed System Security Symp. (NDSS), 2010.
39. M. Roesch, "Snort, Intrusion Detection System," http://www. snort.org, 2011.
40. A. Schulman, "Top 10 Database Attacks," http://www.bcs.org/ server.php?show=ConWebDoc.8852, 2011.
41. R. Sekar, "An Efficient Black-Box Technique for Defeating Web Application Attacks," Proc. Network and Distributed System Security Symp. (NDSS), 2009.
42. A. Seleznyov and S. Puuronen, "Anomaly Intrusion Detection Systems: Handling Temporal Relations between Events," Proc. Int'l Symp. Recent Advances in Intrusion Detection (RAID '99), 1999.
43. Y. Shin, L. Williams, and T. Xie, "SQLUnitgen: Test Case Generation for SQL Injection Detection," technical report, Dept. of Computer Science, North Carolina State Univ., 2006.
44. A. Srivastava, S. Sural, and A.K. Majumdar, "Database Intrusion Detection Using Weighted Sequence Mining," J. Computers, vol. 1, no. 4, pp. 8-17, 2006.
45. A. Stavrou, G. Cretu-Ciocarlie, M. Locasto, and S. Stolfo, "Keep Your Friends Close: The Necessity for Updating an Anomaly Sensor with Legitimate Environment Changes," Proc. Second ACM Workshop Security and Artificial Intelligence, 2009.
46. G.E. Suh, J.W. Lee, D. Zhang, and S. Devadas, "Secure Program Execution via Dynamic Information Flow Tracking," ACM SIGPLAN Notices, vol. 39, no. 11, pp. 85-96, Nov. 2004.
47. F. Valeur, G. Vigna, C. Krü gel, and R.A. Kemmerer, "A Comprehensive Approach to Intrusion Detection Alert Correlation," IEEE Trans. Dependable and Secure Computing, vol. 1, no. 3, pp. 146-169, July-Sept. 2004.
48. T. Verwoerd and R. Hunt, "Intrusion Detection Techniques and Approaches," Computer Comm., vol. 25, no. 15, pp. 1356-1365, 2002. (Pubitemid 34506182)
49. G. Vigna, W.K. Robertson, V. Kher, and R.A. Kemmerer, "A Stateful Intrusion Detection System for World-Wide Web Servers," Proc. Ann. Computer Security Applications Conf. (ACSAC '03), 2003.
50. G. Vigna, F. Valeur, D. Balzarotti, W.K. Robertson, C. Kruegel, and E. Kirda, "Reducing Errors in the Anomaly-Based Detection of Web-Based Attacks through the Combined Analysis of Web Requests and SQL Queries," J. Computer Security, vol. 17, no. 3, pp. 305-329, 2009.
51. P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Krü gel, and G. Vigna, "Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis," Proc. Network and Distributed System Security Symp. (NDSS '07), 2007.
52. D. Wagner and D. Dean, "Intrusion Detection via Static Analysis," Proc. Symp. Security and Privacy (SSP '01), May 2001.