A text-based anomaly detection method for web attacks (WAMTAT)

Many web sites today interact with their users, and in this interaction users send their requests to the web server embedded in URL strings. Embedding harmful code as input data in those strings is one method of attack, and the input data can be analyzed to detect attacks of this type. In this study, a text-based anomaly detection method is proposed for attack detection. The proposed method uses the textual properties of the input data to analyze user input. The method, which has been implemented and whose experimental results are given in this paper, is a new approach to the anomaly-based detection of web-based attacks.
