
Techniques for Large-Scale Automatic Detection of Web Site Defacements


Academic year: 2021


Full text

Techniques for Large-Scale Automatic Detection of Web Site Defacements

Eric Medvet

Abstract

Web site defacement, the introduction of unauthorized modifications to a web site, is a very common form of attack. This thesis describes the design and experimental evaluation of a framework that may constitute the basis for a defacement detection service capable of monitoring thousands of remote web sites systematically and automatically. With this framework an organization may join the service by simply providing the URL of the resource to be monitored along with the contact point of an administrator. The monitored organization may thus take advantage of the service with just a few mouse clicks, without installing any software locally or changing its own daily operational processes.

The main proposed approach is based on anomaly detection and allows the integrity of many remote web resources to be monitored automatically while remaining fully decoupled from them; in particular, it requires no prior knowledge about those resources. During a preliminary learning phase a profile of the monitored resource is built automatically. Then, while monitoring, the remote resource is retrieved periodically and an alert is generated whenever something "unusual" shows up.

The thesis discusses the effectiveness of the approach in terms of detection accuracy, i.e., missed detections and false alarms. The thesis also considers the problem of misclassified readings in the learning set. The effectiveness of the anomaly detection approach, and hence of the proposed framework, rests on the assumption that the profile is computed from a learning set that is not corrupted by attacks; this assumption is often taken for granted. The influence of learning set corruption on the effectiveness of the framework is assessed, and a procedure aimed at discovering when a given unknown learning set is corrupted by positive readings (readings that are themselves defacements) is proposed and evaluated experimentally.
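The two paragraphs above describe the learning/monitoring loop and the learning-set-corruption problem in the abstract. The following is an added example, not code from the thesis: it builds a profile from a small learning set of readings of one page, scores new readings against it, and runs a leave-one-out check to find readings that would corrupt the profile. The feature set (a handful of structural counts), the per-feature z-score profile with a floored standard deviation, the threshold of 4 and the sample pages are all assumptions chosen for illustration; the thesis's own sensors and corruption-detection procedure differ.

```python
"""Toy anomaly-based defacement monitor.

Added example, not code from the thesis: the feature set, the per-feature
z-score profile, the threshold and the sample pages are assumptions chosen
for illustration. The thesis's own sensors and learning procedure differ.
"""
from html.parser import HTMLParser
from statistics import mean, pstdev

FEATURE_NAMES = ("tags", "links", "images", "scripts", "text_len")


class _FeatureExtractor(HTMLParser):
    """Count a few structural properties of a page (assumed feature set)."""

    def __init__(self):
        super().__init__()
        self.counts = dict.fromkeys(FEATURE_NAMES, 0)

    def handle_starttag(self, tag, attrs):
        self.counts["tags"] += 1
        if tag == "a":
            self.counts["links"] += 1
        elif tag == "img":
            self.counts["images"] += 1
        elif tag == "script":
            self.counts["scripts"] += 1

    def handle_data(self, data):
        self.counts["text_len"] += len(data.strip())


def features(html):
    """Return the feature vector of one reading (one retrieval of the page)."""
    p = _FeatureExtractor()
    p.feed(html)
    p.close()
    return p.counts


def build_profile(learning_set):
    """Learning phase: per-feature mean and standard deviation over the readings.

    sigma is floored so that a feature which never varied during learning
    (e.g. exactly one logo image) does not raise an alert on a one-unit change.
    """
    feats = [features(h) for h in learning_set]
    profile = {}
    for k in FEATURE_NAMES:
        column = [f[k] for f in feats]
        mu = mean(column)
        sigma = max(pstdev(column), 0.05 * mu, 1.0)
        profile[k] = (mu, sigma)
    return profile


def score(profile, html):
    """Monitoring phase: largest z-score of the reading over all features."""
    f = features(html)
    return max(abs(f[k] - mu) / sigma for k, (mu, sigma) in profile.items())


def is_anomalous(profile, html, threshold=4.0):
    """Alert when the reading looks 'unusual' with respect to the profile."""
    return score(profile, html) > threshold


def suspect_readings(learning_set, threshold=4.0):
    """Leave-one-out check for a corrupted learning set (assumed procedure, not
    the thesis's): a reading that is anomalous w.r.t. the profile built from the
    other readings is a candidate positive that should not train the profile."""
    out = []
    for i, reading in enumerate(learning_set):
        rest = learning_set[:i] + learning_set[i + 1:]
        if is_anomalous(build_profile(rest), reading, threshold):
            out.append(i)
    return out


# --- constructed sample pages (not real sites) -------------------------------
def _page(news, n_links):
    links = "".join(f'<li><a href="/p/{i}">Page {i}</a></li>' for i in range(n_links))
    return (f"<html><head><title>Example Corp</title></head><body>"
            f"<h1>Example Corp</h1><img src='logo.png'><p>{news}</p>"
            f"<ul>{links}</ul><script src='app.js'></script></body></html>")


# Twelve ordinary readings: the news item and the link count vary a little.
LEARNING_SET = [_page(f"News item number {i}, posted today.", 10 + i % 3)
                for i in range(12)]
NORMAL_NEW = _page("Another ordinary news item, updated this morning.", 11)
DEFACED = "<html><body><h1>OWNED</h1><p>site defaced</p></body></html>"

if __name__ == "__main__":
    profile = build_profile(LEARNING_SET)
    print("normal reading:", round(score(profile, NORMAL_NEW), 2),
          is_anomalous(profile, NORMAL_NEW))
    print("defaced reading:", round(score(profile, DEFACED), 2),
          is_anomalous(profile, DEFACED))
    print("suspect indices in clean learning set:", suspect_readings(LEARNING_SET))
    print("suspect indices with one defacement mixed in:",
          suspect_readings(LEARNING_SET[:11] + [DEFACED]))
```

In a real service the readings come from periodic HTTP retrieval of the monitored URL; here they are embedded strings so the example runs offline. The leave-one-out check only finds positives that are rare relative to the rest of the learning set, which is exactly the situation the paragraph warns about: a defaced reading that slipped into the learning set inflates the profile's variance and hides later attacks unless it is identified and dropped before the profile is computed.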

An approach to automatic defacement detection based on Genetic Programming (GP), an automatic method for creating computer programs by means of artificial evolution, is proposed and evaluated experimentally. Moreover, a set of techniques that have been used in the literature for designing several host-based or network-based Intrusion Detection Systems are considered and evaluated experimentally, in comparison with the proposed approach.

Finally, the thesis presents the findings of a large-scale study on reaction time to web site defacement.

Several statistics indicate the number of incidents of this sort, but a crucial piece of information is still lacking: the typical duration of a defacement. A two-month monitoring activity was performed over more than 62000 defacements in order to find out whether and when a reaction to the defacement is taken. It is shown that this time tends to be unacceptably long, in the order of several days, and that it has a long-tailed distribution.

