Detection of Insider Attacks to the Web Server


Executive Summary

Attacks carried out with criminal intent to harm the victim system have evolved from simple spoofing of another user's password to complicated Web-based attacks. Because more and more systems rely on the Web server to obtain and exchange information over the Internet, Web-based attacks have become an important subject in the security field. In this paper, the authors propose a detection scheme that protects the Web server from insider attacks, which reveal confidential/private information or spread malware code through the Web, by inspecting outbound HTTP traffic. The proposed scheme has a two-step hierarchy: a signature-based detector using Snort, followed by an anomaly-based detector using a hidden Markov model (HMM). Verification analysis in an attacked Web server environment shows that the proposed scheme improves the detection rate.

  • Format: PDF
  • Size: 706.3 KB