A Study of Web Application Attack Detection extended ESM Agent

kim,Sung-Rak

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2007, 12(1), pp.163-170
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

kim,Sung-Rak ¹

¹ 오산대학

ABSTRACT

Web attack uses structural, logical and coding error of web application rather than vulnerability to Web server itself. According to the Open Web Application Security Project (OWASP) published about ten types of the web application vulnerability to show the causes of hacking, the risk of hacking and the severity of damage are well known. The detection ability and response is important to deal with web hacking. Filtering methods like pattern matching and code modification are used for defense but these methods can not detect new types of attacks. Also though the security unit product like IDS or web application firewall can be used, these require a lot of money and efforts to operate and maintain, and security unit product is likely to generate false positive detection. In this research profiling method that attracts the structure of web application and the attributes of input parameters such as types and length is used, and by installing structural database of web application in advance it is possible that the lack of the validation of user input value check and the verification and attack detection is solved through using profiling identifier of database against illegal request. Integral security management system has been used in most institutes. Therefore even if additional unit security product is not applied, attacks against the web application will be able to be detected by showing the model, which the security monitoring log gathering agent of the integral security management system and the function of the detection of web application attack are combined.
KEYWORDS

ESM , Intrusion Detection , Web Application
REFERENCES (15)

[confproc] Jeffry R. Williams / 2004 / The Ten Most Critical Web Application Security Vulnerabilities / OWASP

[journal] Christopher Kruegel / 2005 / A multi-model approach to the detection of web-based attacks / Computer Networks 48 (5) : 717~738

[book] Mark Curphey / 2003 / Improving Web Application Security : Threats and Countermeasures / Microsoft Corporation

[web] Robert Auger / 2004 / Web Application Security Consortium : Threat Classification Version 1. 0 / Web Application Security Consortium / www.webappsec.org

[journal] 김성락 / 2004 / Web-Server Security Management system using the correlation analysis / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 9 (4) : 157~165

[web] / (주)이글루시큐리티 / http://www.igloosec.co.kr

[journal] 윤영태 / 2006 / Profile based Web Application Attack Detection and Filtering Method / 정보처리학회논문지C / 한국정보처리학회 13 (1) : 19~26

[confproc] 박채금 / 2005 / 웹 어플리케이션 보안을 위한 프로파일 기반 탐지시스템 설계 / 한국정보처리학회 추계학술발표대회 논문집 12 (2) : 1055~1058

[journal] 차병래 / 2003 / 이상 침입탐지를 위한 베이지안 네트워크 기반의 정상행위 프로파일링 / 한국컴퓨터정보학회 논문지 8 (1) : 103~113

[web] / 어울림정보기술(주) / http://www.oullim.co.kr

[web] / (주)제이컴정보 / http://www.jcsi.co.kr

[web] / (주)모니터랩 / http://www.monitorapp.com/kr/

[book] Shreeraj Shah / 2004 / Defending Web Services using Mod Security(Apache) / NetSquare

[web] / TelephortPro / http://www.tenmax.com/telport/pro/home/htm

[web] / Acunetix / http://www.acunetix.com/
KCI Citation (4)

KJC Korea
Journal Central

Statistics

Tools