Detection of Insider Attacks to the Web Server

In this paper, we propose a detection scheme that protects the Web server by inspecting HTTP outbound traffic for the effects of insider attacks, namely responses that reveal confidential or private information or that spread malware code through the Web. The proposed scheme is a two-step hierarchy: a signature-based detector built on Snort, followed by an anomaly-based detector built on a hidden Markov model (HMM). Verification analysis in an attacked Web server environment shows that the proposed scheme improves the detection rate.
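The two-step hierarchy described above, as an added example that is not the paper's code: a Snort-style signature stage over outbound response bodies, followed by an HMM forward-algorithm score over the sequence of responses sent to one client. The "<status>:<content class>" symbolisation, the hand-set HMM parameters, the signature rules and the sample sessions are all assumptions constructed here.

```python
import math
import re

# Stage 1: signature rules in the spirit of Snort content/pcre rules (constructed here, not the paper's).
SIGNATURES = {"ssn_in_response": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
              "script_in_response": re.compile(r"<script[^>]*>", re.IGNORECASE)}

def signature_stage(body):
    """Names of the signature rules that match one outbound HTTP response body."""
    return [name for name, rx in SIGNATURES.items() if rx.search(body)]

# Stage 2: two-state discrete HMM over responses symbolised as "<status>:<content class>" (assumed; toy parameters).
STATES = ["page", "asset"]
START = {"page": 0.6, "asset": 0.4}
TRANS = {"page": {"page": 0.4, "asset": 0.6}, "asset": {"page": 0.3, "asset": 0.7}}
EMIT = {
    "page": {"200:html": 0.75, "200:image": 0.05, "304:none": 0.1, "200:octet": 0.02, "404:html": 0.08},
    "asset": {"200:html": 0.05, "200:image": 0.6, "304:none": 0.3, "200:octet": 0.02, "404:html": 0.03},
}

def logsumexp(xs):
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))

def forward_log_likelihood(symbols):
    """Per-symbol log P(symbols | HMM) via the forward algorithm in the log domain; unseen symbols get a 1e-6 floor."""
    alpha = {s: math.log(START[s]) + math.log(EMIT[s].get(symbols[0], 1e-6)) for s in STATES}
    for sym in symbols[1:]:
        alpha = {s: math.log(EMIT[s].get(sym, 1e-6))
                 + logsumexp([alpha[p] + math.log(TRANS[p][s]) for p in STATES]) for s in STATES}
    return logsumexp(list(alpha.values())) / len(symbols)

def threshold_from_normal(normal_sessions, margin=1.0):
    """Anomaly threshold: the weakest known-normal session's score minus a safety margin."""
    return min(forward_log_likelihood(s) for s in normal_sessions) - margin

def detect(session, threshold):
    """Two-step hierarchy on one client's (symbol, body) responses: signature hits first, then the HMM score."""
    for sym, body in session:
        hits = signature_stage(body)
        if hits:
            return ("signature", hits)
    score = forward_log_likelihood([sym for sym, _ in session])
    return ("anomaly" if score < threshold else "normal", score)

# Constructed sample sessions: ordinary page browsing versus a burst of binary downloads.
NORMAL = [("200:html", "<html>home</html>"), ("200:image", ""), ("200:image", ""),
          ("304:none", ""), ("200:html", "<html>page 2</html>"), ("200:image", "")]
BULK_DOWNLOAD = [("200:html", "<html>index</html>")] + [("200:octet", "\x00\x01bin")] * 5
```

In practice the HMM parameters would be estimated from known-good outbound traffic and the threshold tuned against a held-out normal set, since a floor-only score for unseen symbols makes every new content type look anomalous.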
