Loading...
Search for:
alert-verification
0.005 seconds
Web Driven Alert Correlation
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasoul (Supervisor)
Abstract
With the growing deployment of host and network intrusion detection systems, analyzing generated alerts from these systems becomes critically important and challenging due to its complexity and high amount of data. A perfect intrusion detection system would be able to identify all the attacks without raising any false and non-relevant alarms. Unfortunately, false alarms are commonplace in intrusion detection systems. Non-relevant alerts, which are associated with attacks that were not successful, are also common. The process of identifying false and non-relevant alerts is called alert verification. Also nowadays, web applications are widely used in critical and important roles (e.g.,...
Web driven alert verification
, Article 2014 11th International ISC Conference on Information Security and Cryptology, ISCISC 2014 ; Sep , 2014 , p. 180-185 ; Sepahi, A ; Jalili, R ; Sharif University of Technology
Abstract
A web attack is an attack against a web server through the HTTP Protocol. By analyzing known web attacks, we find out that each one has its own behavior. Vestiges of their behavior could be detected in non-body parts of the HTTP Protocol. Such information can be used to verify web alerts generated by Web Application Firewalls (WAFs) and Web Intrusion Detection Systems (Web IDSs). In this paper, we propose a method to verify web alerts generated by mentioned sensors. The goal of the alert verification component is to eliminate or tag alerts that do not represent successful attacks. Our approach is based on analyzing HTTP Transaction metadata, including Request method, Request Headers, Status...