Detection of Insider Attacks to the Web Server
Attacks with criminal motives of intentional harm to the victim system have evolved from simply spoofing another user's password to complicated Web-based attacks. Because more and more systems rely on the Web server to get and exchange information through the Internet, Web-based attacks have become an important subject in the security field. In this paper, the authors propose a detection scheme that protects the Web server from insider attacks, which reveal confidential/private information or spread malware through the Web, by inspecting outbound HTTP traffic. The proposed scheme has a two-step hierarchy: a signature-based detector using Snort, followed by an anomaly-based detector using a hidden Markov model (HMM). Verification analysis in an attacked Web server environment shows that the proposed scheme improves the detection rate.