| Yazarlar (3) |
Seyyar Merve Baş
|
|
Ferhat Özgür Çatak
Türkiye Bilimsel ve Teknolojik Araştirma Kurumu, Türkiye |
Prof. Dr. Ensar GÜL
İstanbul Şehir Üniversitesi, Türkiye |
| Özet |
| A web application could be visited for different purposes. It is possible for a web site to be visited by a regular user as a normal (natural) visit, to be viewed by crawlers, bots, spiders, etc. for indexing purposes, lastly to be exploratory scanned by malicious users prior to an attack. An attack targeted web scan can be viewed as a phase of a potential attack and can lead to more attack detection as compared to traditional detection methods. In this work, we propose a method to detect attack-oriented scans and to distinguish them from other types of visits. In this context, we use access log files of Apache (or ISS) web servers and try to determine attack situations through examination of the past data. In addition to web scan detections, we insert a rule set to detect SQL Injection and XSS attacks. Our approach has been applied on sample data sets and results have been analyzed in terms of performance measures to compare our method and other commonly used detection techniques. Furthermore, various tests have been made on log samples from real systems. Lastly, several suggestions about further development have been also discussed. |
| Anahtar Kelimeler |
| Log analysis | Rule-based model | Scan detection | SQLI detection | Web application security | XSS detection |
| Makale Türü | Özgün Makale |
| Makale Alt Türü | Diğer hakemli uluslarası dergilerde yayınlanan tam makale |
| Dergi Adı | Applied Computing and Informatics |
| Dergi ISSN | 2210-8327 Wos Dergi Scopus Dergi |
| Dergi Tarandığı Indeksler | EI: Engineering Index |
| Makale Dili | İngilizce |
| Basım Tarihi | 04-2017 |
| Cilt No | 14 |
| Sayı | 1 |
| Sayfalar | 28 / 36 |
| Doi Numarası | 10.1016/j.aci.2017.04.002 |
| Makale Linki | http://linkinghub.elsevier.com/retrieve/pii/S2210832717300169 |
| Atıf Sayıları | |
| SCOPUS | 39 |
| Google Scholar | 73 |
