nach oben

International Journal of Information Security

Erschienen in:

01.11.2015 | Regular Contribution

URL query string anomaly sensor designed with the bidimensional Haar wavelet transform

verfasst von: Alice Kozakevicius, Cristian Cappo, Bruno A. Mozzaquatro, Raul Ceretta Nunes, Christian E. Schaerer

Erschienen in: International Journal of Information Security | Ausgabe 6/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this paper, the 2D Haar wavelet transform is the proposed analysis technique for HTTP traffic data. Web attacks are detected by two threshold operations applied to the wavelet coefficients of the 2D transform: one based on their median and the other on the best approximation method. The two proposed algorithms are validated through an extensive number of simulations, including comparisons with well-established techniques, confirming the effectiveness of the designed sensor.

Vorheriger Artikel Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)CrossRef

Cavnar, W., Trenkle, J.: n-gram-based text categorization. In: SDAIR, pp. 161–175 (1994)

Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. 41(3), 1–58 (2009)CrossRef

CVE-2001-0500, C.: (2011). http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0500. Accessed Dec 2011

Damashek, M.: Gauging similarity with n-grams: language-independent categorization of text. Science 5199, 843–848 (1995)CrossRef

Daubechies, I.: Ten Lectures on Wavelets. Society for Industrial and Applied Mathematics, Philadelphia, PA (1992)MATHCrossRef

Donoho, D., Johnstone, I.: Ideal spatial adaptation via wavelet shrinkage. Biometrika 81, 425–455 (1994). doi:10.1093/biomet/81.3.425 MATHMathSciNetCrossRef

Donoho, D., Johnstone, I.: Adapting to unknown smoothness via wavelet shrinkage. J. Am. Stat. Assoc. 90, 1200–1224 (1995)MATHMathSciNetCrossRef

Ficco, M., Coppolino, L., Romano, L.: A weight-based symptom correlation approach to sql injection attacks. In: Fourth Latin-American Symposium on Dependable Computing, 2009. LADC ’09, pp. 9–16 (2009). doi:10.1109/LADC.2009.14

10.

Fonseca, J., Vieira, M., Madeira, H.: The web attacker perspective—a field study. In: 2010 IEEE 21st International Symposium on Software Reliability Engineering (ISSRE), pp. 299–308 (2010). doi:10.1109/ISSRE.2010.21

11.

Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A sense of self for unix processes. In: IEEE Symposium on Security and Privacy, pp. 120–128 (1996)

12.

Ghosh, A., Schwartzbard, A., Schatz, M.: Learning program behavior profiles for intrusion detection. In: USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 51–62 (1999)

13.

Grané, A., Veiga, H.: Wavelet-based detection of outliers in financial time series. Comput. Stat. Data Anal. 54(11), 2580–2593 (2010). doi:10.1016/j.csda.2009.12.010 MATHCrossRef

14.

Huang, C.T., Thareja, S., Shin, Y.J.: Wavelet-based real time detection of network traffic anomalies. I. J. Netw. Secur. 6(3), 309–320 (2008)

15.

Ingham, K.L.: Anomaly detection for http intrusion detection: algorithm comparisons and the effect of generalization on accuracy. Ph.D. thesis, University of New Mexico (2007)

16.

Ingham, K.L., Inoue, H.: Comparing anomaly detection techniques for http. In: Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection. RAID’07, pp. 42–62. Springer, Berlin (2007)

17.

Ingham, K.L., Somayaji, A., Burge, J., Forrest, S.: Learning dfa representations of http for protecting web applications. Comput. Netw. 51, 1239–1255 (2007)MATHCrossRef

18.

Jamdagni, A., Tan, Z., Nanda, P., He, X., Liu, R.P.: Intrusion detection using gsad model for http traffic on web services. In: Proceedings of the 6th International Wireless Communications and Mobile Computing Conference, IWCMC ’10, pp. 1193–1197. ACM, New York, NY (2010). doi:10.1145/1815396.1815669

19.

Kiani, M., Clark, A., Mohay, G.: Evaluation of anomaly based character distribution models in the detection of sql injection attacks. In: Third International Conference on Availability, Reliability and Security, 2008. ARES 08, pp. 47–55 (2008). doi:10.1109/ARES.2008.123

20.

Kruegel, C., Valeur, F., Vigna, G.: Intrusion Detection and Correlation: Challenges and Solutions. Springer-Verlag TELOS, Santa Clara, CA (2004)

21.

Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS ’03, pp. 251–261. ACM, New York, NY (2003). doi:10.1145/948109.948144

22.

Kruegel, C., Vigna, G., Robertson, W.: A multi-model approach to the detection of web-based attacks. Comput. Netw. 48, 717–738 (2005). doi:10.1016/j.comnet.2005.01.009 CrossRef

23.

Krueger, T., Gehl, C., Rieck, K., Laskov, P.: Tokdoc: a self-healing web application firewall. In: Proceedings of the 2010 ACM Symposium on Applied Computing, SAC ’10, pp. 1846–1853. ACM, New York, NY (2010). doi:10.1145/1774088.1774480

24.

Krügel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proceedings of the 2002 ACM Symposium on Applied Computing, SAC ’02, pp. 201–208. ACM, New York, NY (2002). doi:10.1145/508791.508835

25.

Lu, W., Ghorbani, A.A.: Network anomaly detection based on wavelet analysis. EURASIP J. Adv. Signal Process 4, 1–16 (2009). doi:10.1155/2009/837601

26.

Mahalanobis, P.: On the generalized distance in statistics. Proc. Natl. Inst. Sci. Calcutta 12, 49–55 (1936)

27.

Mallat, S.: A Wavelet Tour of Signal Processing, 3rd edn. Elsevier/Academic Press, Amsterdam (2009). The sparse way, With contributions from Gabriel Peyré

28.

Mozzaquatro, B., Azevedo, R.P., Nunes, R., Kozakevicius, A., Cappo, C., Schaerer, C.: Anomaly-based techniques for web attacks detection. J. Appl. Comput. Res. 2(2), 112–120 (2011)

29.

OWASP, T.O.W.A.S.P.: Top 10 web application security risks (2010). http://www.owasp.org/index.php/Top10

30.

Patcha, A., Park, J.M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007). doi:10.1016/j.comnet.2007.02.001

31.

Pearson, K.: On a criterion that a given system of deviations from the probable in the case of correlated system of variables is duch that it can be reasonably supposed to have arisen from random sampling. Philos. Mag. 50, 157–175 (1900)MATHCrossRef

32.

Rieck, K., Laskov, P.: Detecting Unknown Network Attacks Using Language Models, Lecture Notes in Computer Science, vol. 4064, pp. 74–90. Springer, Berlin (2006). doi:10.1007/11790754_5

33.

Robertson, W., Vigna, G., Kruegel, C., Kemmerer, R.: Using generalization and characterization techniques in the anomaly-based detection of web attacks. In: Proceeding of the Network and Distributed System Security Symposium (NDSS). San Diego, CA (2006)

34.

Robertson, W.K.: Detecting and preventing attacks against web applications. Ph.D. thesis, University of California, Santa Barbara (2009)

35.

Scambray, J., Liu, V., Sima, C.: Hacking Exposed Web Applications. Mc Graw Hill, New York (2011)

36.

Singh, G., Masseglia, F., Fiot, C., Marascu, A., Poncelet, P.: Data mining for intrusion detection: from outliers to true intrusions. In: Theeramunkong, T., Kijsirikul, B., Cercone, N., Ho, T.B. (eds.) Advances in Knowledge Discovery and Data Mining. Lecture Notes in Computer Science, vol. 5476, pp. 891–898. Springer, Berlin (2009)CrossRef

37.

Song, Y., Keromytis, A., Stolfo, S.: Spectrogram: a mixture-of-markov-chains model for anomaly detection in web traffic. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS) San Diego, pp. 121–135. Internet Society (2009)

38.

Sriraghavan, R., Lucchese, L.: Data processing and anomaly detection in web-based applications. In: IEEE Workshop on Machine Learning for Signal Processing, 2008. MLSP 2008, pp. 187–192 (2008). doi:10.1109/MLSP.2008.4685477

39.

Stollnitz, E., DeRose, A., Salesin, D.: Wavelets for computer graphics: a primer 1. IEEE Comput. Graph. Appl. 15(3), 76–84 (1995). doi:10.1109/38.376616 CrossRef

40.

Su, Z., Wassermann, G.: The essence of command injection attacks in web applications. SIGPLAN Not. 41, 372–382 (2006). doi:10.1145/1111320.1111070 CrossRef

41.

Vulnerabilities, C.C., Exposures: common vulnerabilities and exposures (2011). http://www.cve.mitre.org. Accessed Dec 2011

42.

Wagner, R., Fontoura, L.M., Nunes, R.C.: Tailoring rational unified process to contemplate the SSE-CMM. In: Latin American Conference on Informatics, CLEI 2011. Quito, Equador (2011)

43.

Wang, K., Parekh, J., Stolfo, S.: Anagram: A content anomaly detector resistant to mimicry attack. In: Recent Adances in Intrusion Detection (RAID), pp. 226–248 (2006)

44.

Wang, K., Stolfo, S.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) Recent Advances in Intrusion Detection, Lecture Notes in Computer Science, vol. 3224, pp. 203–222. Springer, Berlin (2004)CrossRef

45.

Yates, F.: Contingency table involving small numbers and the \(\chi ^2\) test. Suppl J R Stat Soc 1(2), 217–235 (1934)MATHCrossRef

46.

Zhou, Z., Zhongwen, C., Tiecheng, Z., Xiaohui, G.: The study on network intrusion detection system of snort. In: 2010 2nd International Conference on Networking and Digital Society (ICNDS), vol. 2, pp. 194–196 (2010). doi:10.1109/ICNDS.2010.5479341

Titel: URL query string anomaly sensor designed with the bidimensional Haar wavelet transform
verfasst von: Alice Kozakevicius
Cristian Cappo
Bruno A. Mozzaquatro
Raul Ceretta Nunes
Christian E. Schaerer
Publikationsdatum: 01.11.2015
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 6/2015
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-015-0276-y

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 6/2015

Security and privacy of electronic health information systems

Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation

Flexible attribute-based encryption applicable to secure e-healthcare records

Security and searchability in secret sharing-based data outsourcing

Secure floating point arithmetic and private satellite collision analysis

Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme