R. Ludinard, Eric Totel, F. Tronel, V. Nicomette, M. Kaâniche, E. Alata, R. Akrout, Yann Bachy
{"title":"基于不变量的Web应用数据攻击检测方法","authors":"R. Ludinard, Eric Totel, F. Tronel, V. Nicomette, M. Kaâniche, E. Alata, R. Akrout, Yann Bachy","doi":"10.4018/IJSSE.2014010102","DOIUrl":null,"url":null,"abstract":"RRABIDS Ruby on Rails Anomaly Based Intrusion Detection System is an application level intrusion detection system IDS for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"52 1","pages":"19-38"},"PeriodicalIF":0.0000,"publicationDate":"2014-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications\",\"authors\":\"R. Ludinard, Eric Totel, F. Tronel, V. Nicomette, M. Kaâniche, E. Alata, R. Akrout, Yann Bachy\",\"doi\":\"10.4018/IJSSE.2014010102\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"RRABIDS Ruby on Rails Anomaly Based Intrusion Detection System is an application level intrusion detection system IDS for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.\",\"PeriodicalId\":89158,\"journal\":{\"name\":\"International journal of secure software engineering\",\"volume\":\"52 1\",\"pages\":\"19-38\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International journal of secure software engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJSSE.2014010102\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of secure software engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJSSE.2014010102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
摘要
RRABIDS基于Ruby on Rails异常的入侵检测系统是一个应用级的入侵检测系统,用于使用Ruby on Rails框架实现的应用程序。该入侵检测系统的目标是检测针对web应用程序上下文中数据的攻击。这种基于异常的IDS侧重于使用不变量对正常应用程序配置文件进行建模。这些不变量是在学习阶段发现的。然后,它们被用于在源代码级别检测web应用程序,这样就可以在运行时检测到与正常配置文件的偏差。本文通过简单的示例说明了该方法如何检测众所周知的涉及应用程序状态违反的web攻击类别,例如SQL注入。最后,进行评估阶段,以评估所提出的方法提供的检测的准确性。
An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications
RRABIDS Ruby on Rails Anomaly Based Intrusion Detection System is an application level intrusion detection system IDS for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
