论文信息 - Does Network Awareness Make Difference In Intrusion Detection of Web Attacks

Does Network Awareness Make Difference In Intrusion Detection of Web Attacks

There is increasing number of attacks aiming web servers; mostly at the application level. This is due to the fact that web services emerging rapidly without security considerations and network level solutions allow their connections tunnel through. Intrusion detection systems (IDS) can be configured to detect web attacks. These systems produce too many logs as they don’t have enough information about the network they are installed on. A prototype implementation of network-aware IDS is developed and its benefits are introduced.

Tugkan Tuglular | Enis Karaarslan | Halil Sengonca

[1] John McHugh,et al. Intrusion and intrusion detection , 2001, International Journal of Information Security.

[2] Dustin William Lee,et al. HMAP: A Technique and Tool For Remote Identification of HTTP Servers , 2001 .

[3] Karl N. Levitt,et al. Detecting and defending against Web-server fingerprinting , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[4] Jianyi Lin,et al. Computer crime and security survey , 2002 .

[5] Thomas Henry Ptacek,et al. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[6] Frederic Massicotte,et al. Passive Network Discovery for Real Time Situation Awareness , 2004 .

[7] Evan Hughes,et al. Towards Network Awareness , 2005, LISA.

[8] Steven McCanne,et al. The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.

[9] Christopher Krügel,et al. Alert Verification Determining the Success of Intrusion Attempts , 2004, DIMVA.