Detection of Insider Attacks to the Web Server


Byungha Choi+ and Kyungsan Cho

 

Dankook University

Yongin-si, Gyeonggi-do, Korea

notanything@hanmail.net, kscho@dankook.ac.kr

 

Abstract


In this paper, we propose a detection scheme that protects the Web server from insider attacks, which reveal confidential/private information or spread malware code through the Web, by inspecting HTTP outbound traffic. Our proposed scheme has a two-step hierarchy with a signature-based detector using Snort and an anomaly-based detector using HMM. Verification analysis in an attacked Web server environment shows that our proposed scheme improves the detection rate.
 

Keywords: intrusion detection system, insider attack, outbound traffic, Web server

 

+: Corresponding author: Dept. of Software Science, Dankook University, Tel: +82-31-8005-3238

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 3, No. 4, pp. 35-45, December 2012