학술논문
Web Attacks Detection Based on Patterns of Sessions
Document Type
Conference
Author
Source
2019 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon) Industrial Engineering and Modern Technologies (FarEastCon), 2019 International Multi-Conference on. :1-5 Oct, 2019
Subject
Language
Abstract
In recent years, we continued to see a trend of increasing number of web application vulnerabilities. Web application firewall or WAF for short is widely used to detect known attacks on web applications. Unfortunately, WAF is a signature intrusion detection and prevention system. Therefore, WAF requires the creation and maintenance of a large number of rules up to date. In addition, as practice shows, detection rules often require customization for a particular application. Therefore, for a more complete protection, WAF should be supplemented with an anomaly detection system. The article proposes a hybrid anomaly detection system based on a user session model. Anomaly detection is based on the detection of deviations of the current user session from the reference session model based on the variable order Markov model. To improve the reliability of attack detection, when assessing the session anomaly, models for the validity of the values of the HTTP request and SQL queries to the database are created for each stage of the session.