Description: A new system for web attack detection is presented. It
follows the anomaly-based approach, therefore known and
unknown attacks can be detected. The system relies on a XML file
to classify the incoming requests as normal or anomalous. The
XML file, which is built from only normal traffic, contains a
description of the normal behavior of the target web application
statistically characterized. Any request which deviates from the
normal behavior is considered an attack. The system has been
applied to protect a real web application. An increasing number of
training requests have been used to train the system. Experiments
show that when the XML file has enough information to closely
characterize the normal behavior of the target web application, a
very high detection rate is reached while the false alarm rate
remains very low. Platform: |
Size: 688128 |
Author:keerthi |
Hits: