Cooperative Intrusion Detection for Web Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4301)

Abstract

This contribution involves cooperative information systems, and more precisely interorganizational systems (IOS). Indeed, experience of real enterprises shows that most IOS interoperate today over the Web. To “ensure” security of these IOS on the Web (in particular, security of the applications they are made of), various hardware and software protections can be employed. Our work falls into the field of intrusion detection, and covers more precisely intrusion detection for Web applications. Several misuse-based intrusion detection systems (IDSs) were developed recently for Web applications, whereas, to our knowledge, only one anomaly-based Web IDS exists and works effectively to date. This one was unfortunately conceived disregarding any kind of cooperation. In previous work, we improved it to gain in sensitivity and specificity. This paper describes a cooperation feature added to the IDS, so that it is able to perform alarm correlation with other detectors, allowing cooperative intrusion detection, as well as event correlation to detect distributed attacks. The first experiments in a real environment show encouraging results.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dagorn, N. (2006). Cooperative Intrusion Detection for Web Applications. In: Pointcheval, D., Mu, Y., Chen, K. (eds) Cryptology and Network Security. CANS 2006. Lecture Notes in Computer Science, vol 4301. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935070_20

  • DOI: https://doi.org/10.1007/11935070_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-49462-1

  • Online ISBN: 978-3-540-49463-8

  • eBook Packages: Computer Science, Computer Science (R0)
