Detection of Web-Based Attacks by Analyzing Web Server Log Files

  • Nanhay Singh
  • Achin Jain
  • Ram Shringar Raw
  • Rahul Raman
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 243)

Abstract

Web traffic is increasing every day around the world and has overtaken P2P traffic. Websites are getting hacked on a daily basis. This rise in hacking activity poses a greater threat than network attacks because it threatens to steal crucial and important information from Websites. This information can relate to users, employees, and other important data stored in the applications and databases linked to the Website. The increase in Web network traffic has opened new and more efficient attack vectors for hackers and attackers to work with. Attackers take advantage of the vulnerability in traditional firewalls deployed on Websites. These firewalls are not designed to protect Web applications; many Websites are being attacked by malicious scripts and users. In this paper, many Web attacks are carried out on Web applications hosted on a local server in order to analyze the log file created after the attacks. A Web application log file allows a detailed analysis of a user's actions. We have simulated some Web attacks using MATLAB. The results extracted from this process help in recognizing the majority of the attacks and in preventing further exploitation.

Keywords

Web attacks, Web server log file, Buffer overflow attack, iFrame injection attack


Copyright information

© Springer India 2014

Authors and Affiliations

  • Nanhay Singh (1)
  • Achin Jain (1)
  • Ram Shringar Raw (1)
  • Rahul Raman (2)
  1. Ambedkar Institute of Advanced Communication Technologies and Research, Delhi, India
  2. National Institute of Technology, Rourkela, India
