Two-Step Hierarchical Scheme for Detecting Detoured Attacks to the Web Server

Byungha Choi1 and Kyungsan Cho2

  1. Graduate School, Dankook University
    Yongin, Gyeonggi, Korea
    notanything@hanmail.net
  2. Dept. of Software Science, Dankook University
    Yongin, Gyeonggi, Korea
    kscho@dankook.ac.kr

Abstract

In this paper, we propose an improved detection scheme to protect a Web server from detoured attacks, which disclose confidential/private information or disseminate malware codes through outbound traffic. Our scheme has a two-step hierarchy, whose detection methods are complementary to each other. The first step is a signature-based detector that uses Snort and detects the marks of disseminating malware, XSS, URL Spoofing and information leakage from the Web server. The second step is an anomaly-based detector which detects attacks by using the probability evaluation in HMM, driven by both payload and traffic characteristics of outbound packets. Through the verification analysis under the attacked Web server environment, we show that our proposed scheme improves the False Positive rate and detection efficiency for detecting detoured attacks to a Web server.

Key words

detection scheme, two-step detection, detoured attack, signaturebased, anomaly-based, outbound traffic

Digital Object Identifier (DOI)

https://doi.org/10.2298/CSIS120908026C

Publication information

Volume 10, Issue 2 (April 2013)
Special Issue on Advances on Mobile Collaborative Systems
Year of Publication: 2013
ISSN: 1820-0214 (Print) 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

DownloadAvailable in PDF
Portable Document Format

How to cite

Choi, B., Cho, K.: Two-Step Hierarchical Scheme for Detecting Detoured Attacks to the Web Server. Computer Science and Information Systems, Vol. 10, No. 2, 633-649. (2013)