Anomaly Detection Scheme of Web-based attacks by applying HMM to HTTP Outbound Traffic (HTTP Outbound Traffic에 HMM을 적용한 웹 공격의 비정상 행위 탐지 기법)

최병하; Sungkyo Choi (최승교); Kyungsan CHO (조경산)

Anomaly Detection Scheme of Web-based attacks by applying HMM to HTTP Outbound Traffic

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2012, 17(5), pp.33-40
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

최병하 ¹, Sungkyo Choi ², Kyungsan CHO ¹

¹단국대학교
²강원대학교

Accredited

ABSTRACT

In this paper we propose an anomaly detection scheme to detect new attack paths or new attack methods without false positives by monitoring HTTP Outbound Traffic after efficient training. Our proposed scheme detects web-based attacks by comparing tags or javascripts of HTTP Outbound Traffic with normal behavioral models which apply HMM(Hidden Markov Model). Through the verification analysis under the real-attacked environment, we show that our scheme has superior detection capability of 0.0001% false positive and 96% detection rate.

KEYWORDS

Web-based Attacks, HTTP Outbound Traffic, Anomaly Detection, HMM(Hidden Markov Model), HTML tag, Javascript

Citation status

* References for papers published after 2023 are currently being built.

[confproc] Wang Qinquan / 2010 / Research on Network Attack and Detection Methods / Procs. of Education Technology and Computer Science(ETCS) : 630~633

[report] Justin Crist / 2008 / Web base Attacks / SANS Instutute

[journal] 최병하 / 2011 / An Efficient Detecting Scheme of Web-based Attacks through Monitoring HTTP Outbound Traffics / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 16(1) : 125~132

[web] / Ahn LAB / http://core.ahnlab.com/261

[journal] 김길한 / 2006 / False Alarm Minimization Technologyusing SVM in Intrusion Prevention System / 인터넷정보학회논문지 / 한국인터넷정보학회 7(3) : 119~132

[journal] 신동진 / 2009 / Design and Implementation of an Intrusion Detection System based on Outflow Traffic Analysis / 한국콘텐츠학회 논문지 / 한국콘텐츠학회 9(4) : 131~141

[report] Karen Scarfone / 2009 / Guidelines on Firewalls and Firewall Policy / National Institute of Standards and Technology

[confproc] Ha-Na Yoon / 2009 / Design and Implementation of Web AttackDetection System Based on Audit Data / Procs. of Korea Society for Internet Infromation 20 : 295~298

[journal] Varun chandola / 2009 / Anomaly Detection : A Survey / ACM Computing Surveys (CSUR) 41(3)

[journal] 장재영 / 2007 / An Outlier Cluster Detection Technique for Real-time Network Intrusion Detection Systems / 인터넷정보학회논문지 / 한국인터넷정보학회 8(6) : 43~53

[journal] 박성철 / 2009 / Improvement of Network Intrusion Detection Rate by Using LBG Algorithm Based Data Mining / 지능정보연구 / 한국지능정보시스템학회 15(4) : 23~36

[journal] Muna Mhammad T. Jawhar / 2010 / Design Network Intrusion Detection Systemusing hybrid Fuzzy-Neural Network / International Journal of Computer Science andSecurity 4(3)

[confproc] Sang-Jun Han / 2002 / Intrusion Detection Using Multiple Measure Modeling and Integration / Procs. of Korean Information Science Society 29(2) : 523~525

[confproc] Igino Corona / 2009 / HMM-Web : a framework for the detection ofattacks against Web applications / Procs. of ICC'09. IEEE International Conference : 1~6

[journal] 문형득 / 2004 / Recognition of conducting motion using HMM / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 9(1) : 25~30

[journal] 한상준 / 2005 / Effective Intrusion Detection using Evolutionary Neural Networks / 정보과학회논문지 : 정보통신 / 한국정보과학회 32(3) : 301~309

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65