Detection of Web-based attacks through Markovian protocol parsing

10th IEEE Symposium on Computers and Communications (ISCC'05) Pub Date : 2005-06-27 DOI:10.1109/ISCC.2005.51

J. Tapiador, P. García-Teodoro, J. D. Verdejo

引用次数: 59

Abstract

This paper presents a novel approach based on the monitoring of incoming HTTP requests to detect attacks against Web servers. The detection is accomplished through a Markovian model whose states and transitions between them are determined from the specification of the HTTP protocol while the probabilities of the symbols associated to the Markovian source are obtained during a training stage according to a set of attack-free requests for the target server. The experiments carried out show a high detection capability with low false positive rates at reasonable computation requirements.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于马尔可夫协议解析的web攻击检测

本文提出了一种基于对传入HTTP请求的监控来检测对Web服务器的攻击的新方法。检测通过马尔可夫模型完成，该模型的状态和状态之间的转换由HTTP协议规范确定，而与马尔可夫源相关的符号的概率是在训练阶段根据目标服务器的一组无攻击请求获得的。实验结果表明，在合理的计算要求下，该方法具有较高的检测能力和较低的误报率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

10th IEEE Symposium on Computers and Communications (ISCC'05)

自引率

0.00%

发文量

期刊最新文献

Message from the Technical Program Chairs Modular reference implementation of an IP-DSLAM Towards flexible authorization management An energy-aware medium-access-control protocol with frequent sleeps for wireless sensor networks A QoS approach to hybrid TDMA with heuristic traffic shaping for time critical application environments