Collective Detection of Potentially Harmful Requests Directed at Web Sites

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 8733)

Abstract

The number of web-based activities and websites is growing every day. Unfortunately, so is cyber-crime. Every day, new vulnerabilities are reported and the number of automated attacks is constantly rising. Typical signature-based methods rely on expert knowledge and the distribution of updated information to the clients (e.g. anti-virus software) and require more effort to keep the systems up to date. At the same time, they do not protect against the newest (e.g. zero-day) threats. In this article, a new method is proposed in which cooperating systems analyze incoming requests, identify potential threats and present them to other peers. Each host can then utilize the findings of the other peers to identify harmful requests, making the whole system of cooperating servers “remember” and share information about the threats.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Zachara, M. (2014). Collective Detection of Potentially Harmful Requests Directed at Web Sites. In: Hwang, D., Jung, J.J., Nguyen, NT. (eds) Computational Collective Intelligence. Technologies and Applications. ICCCI 2014. Lecture Notes in Computer Science, vol 8733. Springer, Cham. https://doi.org/10.1007/978-3-319-11289-3_39

  • DOI: https://doi.org/10.1007/978-3-319-11289-3_39

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11288-6

  • Online ISBN: 978-3-319-11289-3

  • eBook Packages: Computer Science, Computer Science (R0)
