Detection of Insider Attacks to the Web Server
Byungha Choi+ and Kyungsan Cho
Dankook University
Yongin-si, Gyeonggi-do, Korea
notanything@hanmail.net, kscho@dankook.ac.kr
Abstract
In this paper, we propose a detection scheme that protects the Web server from
insider attacks, which reveal confidential/private information or spread malware
code through the Web, by inspecting HTTP outbound traffic.
Our proposed scheme has a two-step hierarchy with a signature-based detector using Snort and an
anomaly-based detector using HMM. Verification analysis in an attacked Web server
environment shows that our proposed scheme improves the detection rate.
Keywords: intrusion detection system, insider attack, outbound traffic, Web server
+: Corresponding author: Dept. of Software Science, Dankook University, Tel: +82-31-8005-3238
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),
Vol. 3, No. 4, pp. 35-45, December 2012