Association for Computing Machinery
Careless development of web-based applications results in vulnerable code being deployed and made available to the whole internet, creating easily-exploitable entry points for the compromise of entire networks. To ameliorate this situation, the authors propose an approach that composes a web-based anomaly detection system with a reverse HTTP proxy. The approach is based on the assumption that a web site's content can be split into security sensitive and non-sensitive parts, which are distributed to different servers. The anomaly score of a web request is then used to route suspicious requests to copies of the web site that do not hold sensitive content.