nach oben

Erschienen in:

2014 | OriginalPaper | Buchkapitel

Detection of Web-Based Attacks by Analyzing Web Server Log Files

verfasst von : Nanhay Singh, Achin Jain, Ram Shringar Raw, Rahul Raman

Erschienen in: Intelligent Computing, Networking, and Informatics

Verlag: Springer India

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In today’s scenario, Web traffic is increasing everyday in the world and has overtaken P2P traffic. The Websites are getting hacked on daily basis. These rises in hacking activity pose a greater threat than the network attacks as they threaten to steal crucial and important information from Website. This information can be related to the users, employee, and other important data stored in applications and database linked to the Website. Increase in Web network traffic has opened new and more efficient attack vectors for the hackers and attackers to work with. Attackers take advantage of the vulnerability in traditional firewalls deployed on Website. These firewalls are not designed to protect Web applications; lots of Websites are getting attacked by malicious scripts and users. In this paper, many Web attacks are carried out on Web applications hosted on local server to analyze the log file created after the attacks. A Web application log file allows a detailed analysis of a user action. We have simulated some Web attacks using MATLAB. Results extracted from this process helps in the recognition of majority of the attacks and helps in prevention from further exploitation.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel To Study the Architectural Designs of a Proposed Comprehensive Software Extractor for Reengineering Tool: A Literature Survey

Nächstes Kapitel A Survey of Energy-Aware Routing Protocols and Mechanisms for Mobile Ad Hoc Networks

CERT. Advisory CA-2000-02: Malicious HTML tags embedded in client Web requests. Accessed from http://www.cert.org/advisories/CA-2000-02.html (2000)

Endler, D.: The evolution of cross site scripting attacks. Technical report, iDEFENSE Labs, (2002)

Berinato, S.: Software vulnerability disclosure: The chilling effect. Accessed from http://www.csoonline.com/article/221113/software-vulnerability-disclosure-the-chilling-effect (2007)

Aucsmith, D.: Creating and maintaining software that resists malicious attack. http://www.gtisc.gatech.edu/bioaucsmith.html. Accessed on Sept 2004. Distinguished Lecture Series (2004)

T. O. Foundation: Top ten most critical Web application vulnerabilities 2005. Accessed from http://www.owasp.org/documentation/topten.html (2005)

Singh, N, Singh, K, Raw, R.S.: Analysis of detection and prevention of various SQL injection attacks on Web applications. IJAIS 2(7), (2012)

Cross-Site Request Forgery: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF). Accessed on Nov 2011

OWASP Top 10 Application Security Risks: http://www.owasp.org/index.php/Top_10_2010-Main. Accessed on Nov 2011

Open Source Vulnerability Database (OSVDB): http://osvdb.org. Accessed on Nov 2011

10.

Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org. Accessed on Nov 2011

11.

Joshila Grace, L.K., Maheswari, V., Nagamalai, D.: Analysis of Weblogs and Web user in Web mining. Int. J. Netw. Secur. Appl. (IJNSA) 3(1), (2011)

12.

Pamnani, R., Chawan, P.: Web Usage Mining: A Research Area in Web Mining. Department of Computer Technology, VJTI University, Mumbai (2010)

13.

Kuperman, B.A., Brodley, C.E., Ozdoganoglu, H., Vijaykumar, T.N., Jalote, A.: Detecting and prevention of stack buffer overflow attacks. Commun. ACM 48(11), 50–56 (2005)

Titel: Detection of Web-Based Attacks by Analyzing Web Server Log Files
verfasst von: Nanhay Singh
Achin Jain
Ram Shringar Raw
Rahul Raman
Verlag: Springer India
Buch: Intelligent Computing, Networking, and Informatics
Print ISBN: 978-81-322-1664-3

Electronic ISBN: 978-81-322-1665-0

Copyright-Jahr: 2014
DOI: https://doi.org/10.1007/978-81-322-1665-0_10

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"