Detecting Web Attacks Using Multi-stage Log Analysis

机译：使用多级日志分析检测Web攻击

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Web-based applications have gained universal acceptance in every sector of lives, including social, commercial, government, and academic communities. Even with the recent emergence of cloud technology, most of cloud applications are accessed and controlled through web interfaces. Web security has therefore continued to be fundamentally important and extremely challenging. One major security issue of web applications is SQL-injection attacks. Most existing solutions for detecting these attacks use log analysis, and employ either pattern matching or machine learning methods. Pattern matching methods can be effective, dynamic, they however cannot detect new kinds of attacks. Supervised machine learning methods can detect new attacks, yet they need to rely on an off-line training phase. This work proposes a multi-stage log analysis architecture, which combines both pattern matching and supervised machine learning methods. It uses logs generated by the application during attacks to effectively detect attacks and to help preventing future attacks. The architecture is described in detail, a proof-of-concept prototype is implemented and hosted on Amazon AWS, using Kibana for pattern matching and Bayes Net for machine learning. It is evaluated on 10,000 logs for detecting SQL injection attacks. Experiment results show that the two-stage system has combined the advantages of both systems, and has substantially improved the detection accuracy. The proposed work is significant in advancing web securities, while the multi-stage log analysis concept would be highly applicable to many intrusion detection applications.

机译：基于网络的申请在每个生命中获得了普遍的验收，包括社会，商业，政府和学术界。即使最近云技术的出现，也可以通过Web接口访问和控制大多数云应用程序。因此，网络安全性继续基本上是重要的，非常具有挑战性。 Web应用程序的一个主要安全问题是SQL注入攻击。最多现有的解决方案用于检测这些攻击使用日志分析，并采用模式匹配或机器学习方法。模式匹配方法可以有效，动态，然而，它们无法检测到新的攻击。监督机器学习方法可以检测到新的攻击，但他们需要依靠离线训练阶段。这项工作提出了一种多级日志分析架构，它结合了模式匹配和监督机器学习方法。它使用应用程序生成的日志在攻击期间有效地检测到攻击并帮助防止未来的攻击。详细描述了该架构，在Amazon AWS上实现并托管了概念验证原型，用于使用Kibana进行模式匹配和贝叶斯网络进行机器学习。它是在10,000日志中进行评估，用于检测SQL注入攻击。实验结果表明，两级系统已将两个系统的优点组合在一起，并且大大提高了检测精度。拟议的工作在推进Web证券方面具有重要意义，而多级日志分析概念将高度适用于许多入侵检测应用。

著录项

来源
《IEEE International Conference on Advanced Computing》|2016年|1 v.|共6页
会议地点
作者
Melody Moh; Santhosh Pininti; Sindhusha Doddapaneni; Teng-Sheng Moh;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
Pattern matching; Data visualization; Learning systems; Security; Training; Databases; Cloud computing;

机译：模式匹配;数据可视化;学习系统;安全;培训;数据库;云计算;

相似文献

外文文献
中文文献
专利

1. HTTP-sCAN: Detecting HTTP-flooding attack by modeling multi-features of web browsing behavior from noisy web-logs [J] . Wang Jin, Zhang Min, Yang Xiaolong, Communications, China . 2015,第2期

机译：HTTP-sCAN：通过从嘈杂的Web日志中建模Web浏览行为的多种功能来检测HTTP泛洪攻击
2. Analyse and Detect the IP Spoofing Attack in Web Log Files Using BPNN for Classification [J] . Vedna Sharma, Monika Thakur International Journal of Computer Trends and Technology . 2016,第2期

机译：使用BPNN分类分析和检测Web日志文件中的IP欺骗攻击
3. Analysis of Web Server Log Files and Attack Detection [J] . R. Faradzhullaev Automatic Control and Computer Sciences . 2008,第1期

机译：Web服务器日志文件分析和攻击检测
4. Detecting Web Attacks Using Multi-stage Log Analysis [C] . Melody Moh, Santhosh Pininti, Sindhusha Doddapaneni, IEEE International Conference on Advanced Computing . 2016

机译：使用多阶段日志分析检测Web攻击
5. A unified cyber-enhanced approach for detecting cross-site scripting attacks on Web applications [D] . Gurijala, Bhanukiran 2016

机译：一种用于检测Web应用程序上跨站点脚本攻击的统一的网络增强方法
6. Visual Clustering Analysis of CIS Logs to Inform Creation of a User-configurable Web CIS Interface [O] . Y. Senathirajah, S. Bakken -1

机译：CIS日志的可视聚类分析以告知创建用户可配置的Web CIS接口
7. A Bayesian Belief Network Model For Detecting Multi-stage Attacks With Malicious IP Addresses [O] . Alile S.O, Egwali A.O 2020

机译：一种贝叶斯信仰网络模型，用于检测恶意IP地址的多级攻击

Detecting Web Attacks Using Multi-stage Log Analysis

摘要

著录项

相似文献

相关主题

期刊订阅