HTTP-WS-AD: An anomaly detector oriented to web applications and web services

Web applications have become the most demanded systems to be developed today. This is because they have several advantages compared to "desktop" systems. Due to massive use of web applications they have become one of the main targets for cyberattacks. They are also used as the principal vectors for more sophisticated attacks. In this paper we present an online anomaly based detector for web applications which implements various detection models proposed in the literature. Our proposed detector includes new anomaly models for HTTP requests based on XML or JSON which are formats that usually used in web services and AJAX applications. We also present a framework to include and to evaluate new anomaly models in the detector.