Title :
HMM-Web: A Framework for the Detection of Attacks Against Web Applications
Author :
Corona, Igino ; Ariu, Davide ; Giacinto, Giorgio
Author_Institution :
Dept. of Electr. & Electron. Eng., Univ. of Cagliari, Cagliari, Italy
Abstract :
Nowadays, the web-based architecture is the most frequently used for a wide range of internet services, as it allows to easily access and manage information and software on remote machines. The input of web applications is made up of queries, i.e. sequences of pairs attributelarrvalue. A wide range of attacks exploits web application vulnerabilities, typically derived from input validation flaws. In this work we propose a new formulation of query analysis through Hidden Markov Models (HMM) and show that HMM are effective in detecting a wide range of either known or unknown attacks on web applications. In addition, despite previous works, we explicitly address the problem related to the presence of noise (i.e., attacks) in the training set. Finally, we show that performance can be increased when a sequence of symbols is modelled by an ensemble of HMM. Experimental results on real world data, show the effectiveness of the proposed system in terms of very high detection rates and low false alarm rates.
Keywords :
Web services; hidden Markov models; security of data; HMM-Web; Internet services; Web application vulnerabilities; hidden Markov models; intrusion detection; Application software; Communications Society; Computer architecture; Corona; HTML; Hidden Markov models; Information management; Intrusion detection; Service oriented architecture; Web and internet services;
Conference_Titel :
Communications, 2009. ICC '09. IEEE International Conference on
Conference_Location :
Dresden
Print_ISBN :
978-1-4244-3435-0
Electronic_ISBN :
1938-1883
DOI :
10.1109/ICC.2009.5199054
