Abstract: The widespread use of the Internet is accompanied by severe threats to web application security. Intrusion Detection Systems (IDS) have been considered as a way to deal with the diversity and complexity of web attacks. In this context, this work proposes an algorithm for web attack detection that explores an anomaly-based technique: the wavelet transform. The proposed algorithm analyzes anomalies in the variation of character frequencies in web requests. Experimental results show high detection rates with no false positives.
In computer systems, information is an asset subject to numerous threats. In web traffic, the set of characters contained in the HTTP requests sent to a web application is the main entry point for attackers' malicious sequences. Intrusion detection systems based on analysis of the frequency distribution of this character set are used to identify malicious actions. This article describes a web attack detection algorithm, based on anomalies in HTTP traffic, that applies the two-dimensional Haar wavelet transform and hard thresholding. Comparison with algorithms that use different strategies indicates the efficiency of the approach in detecting web attacks, making it possible to raise the detection rate.
The analysis of network traffic is a key area for the management of fault-tolerant systems, since anomalies in network traffic can affect availability and quality of service (QoS). This work proposes an intrusion detection tool based on the two-dimensional wavelet transform to quickly and effectively detect anomalies in computer networks generated by denial of service (DoS). Experiments were performed using two databases: a synthetic one (DARPA) and one built from data collected at the Federal University of Santa Maria (UFSM), allowing analysis of the intrusion detection tool under different scenarios. The wavelets considered for the tests were all from the orthonormal Daubechies family: Haar (Db1), Db2, Db4 and Db8 (with 1, 2, 4 and 8 vanishing moments respectively). We obtained a detection rate of up to 100% for the DARPA database and 95% for the UFSM database.