http://dx.doi.org/10.9708/jksci.2011.16.1.125

An Efficient Detecting Scheme of Web-based Attacks through Monitoring HTTP Outbound Traffics  

Choi, Byung-Ha (Graduate School, Dankook University)
Choi, Sung-Kyo (Dept. of Computer Engr., Kangwon University)
Cho, Kyung-San (Div. of Computer, Dankook University)
Abstract
Hierarchical web security systems, deployed as a solution to various web-based attacks, appear unable to keep up with the evolution of detoured or compound attacks. In this paper, we propose an efficient scheme for detecting web-based attacks such as malware, XSS, webshell creation, URL spoofing, and exposure of private information by monitoring HTTP outbound traffic in real time. The proposed scheme detects these attacks by comparing outbound traffic against signatures of the HTML tags or JavaScript that the attacks create. Through verification analysis in a real attacked environment, we show that our scheme, installed in a hierarchical web security system, has superior detection capability for detoured web-based attacks.
Keywords
Web-based Attacks; Outbound Traffic; Detection; Signature; Detoured Attack
Citations & Related Records
Times Cited By KSCI: 4