{"title":"基于HTTP异常检测的web应用脆弱部分识别","authors":"Rastislav Szabó, L. Hudec","doi":"10.1145/2516775.2516796","DOIUrl":null,"url":null,"abstract":"This paper describes a concept of an algorithm, which can be used for automated identification of vulnerable parts of web applications based on increased occurrence of anomalies detected by the anomaly-based IDS (Intrusion Detection System). The output of our anomaly evaluation algorithm can direct security engineers and application developers to those modules of a web application, which are \"attractive\" for the attackers, or even point to some security vulnerabilities in particular modules of the application. The methods of anomaly detection in HTTP traffic and process of building the model of the application's structure by analysis of requested URLs are also discussed in this paper.","PeriodicalId":316788,"journal":{"name":"International Conference on Computer Systems and Technologies","volume":"362 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Identification of vulnerable parts of web applications based on anomaly detection in HTTP\",\"authors\":\"Rastislav Szabó, L. Hudec\",\"doi\":\"10.1145/2516775.2516796\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper describes a concept of an algorithm, which can be used for automated identification of vulnerable parts of web applications based on increased occurrence of anomalies detected by the anomaly-based IDS (Intrusion Detection System). The output of our anomaly evaluation algorithm can direct security engineers and application developers to those modules of a web application, which are \\\"attractive\\\" for the attackers, or even point to some security vulnerabilities in particular modules of the application. The methods of anomaly detection in HTTP traffic and process of building the model of the application's structure by analysis of requested URLs are also discussed in this paper.\",\"PeriodicalId\":316788,\"journal\":{\"name\":\"International Conference on Computer Systems and Technologies\",\"volume\":\"362 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-06-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference on Computer Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2516775.2516796\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Computer Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2516775.2516796","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Identification of vulnerable parts of web applications based on anomaly detection in HTTP
This paper describes a concept of an algorithm, which can be used for automated identification of vulnerable parts of web applications based on increased occurrence of anomalies detected by the anomaly-based IDS (Intrusion Detection System). The output of our anomaly evaluation algorithm can direct security engineers and application developers to those modules of a web application, which are "attractive" for the attackers, or even point to some security vulnerabilities in particular modules of the application. The methods of anomaly detection in HTTP traffic and process of building the model of the application's structure by analysis of requested URLs are also discussed in this paper.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
