Abstract
This contribution involves cooperative information systems, and more precisely interorganizational systems (IOS). Indeed, experience of real enterprises shows that most IOS interoperate today over the Web. To “ensure” security of these IOS on the Web (in particular, security of the applications they are made of), various hardware and software protections can be employed. Our work falls into the field of intrusion detection, and covers more precisely intrusion detection for Web applications. Several misuse-based intrusion detection systems (IDSs) were developed recently for Web applications, whereas, to our knowledge, only one anomaly-based Web IDS exists and works effectively to date. This one was unfortunately conceived disregarding any kind of cooperation. In previous work, we improved it to gain in sensitivity and specificity. This paper describes a cooperation feature added to the IDS, so that it is able to perform an alarm correlation with other detectors, allowing cooperative intrusion detection, as well as an event correlation to detect distributed attacks. The first experiments in a real environment show encouraging results.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dagorn, N. (2006). Cooperative Intrusion Detection for Web Applications. In: Pointcheval, D., Mu, Y., Chen, K. (eds) Cryptology and Network Security. CANS 2006. Lecture Notes in Computer Science, vol 4301. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11935070_20
DOI: https://doi.org/10.1007/11935070_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49462-1
Online ISBN: 978-3-540-49463-8
eBook Packages: Computer Science (R0)