AN ANOMALY-BASED WEB APPLICATION FIREWALL

Alejandro Perez-Villegas, Gonzalo Alvarez

2009

Abstract

A simple and effective web application firewall is presented. This system can detect both known and unknown web attacks following a positive security model. For attack detection, the system relies on an XML file, which thoroughly describes normal web application behavior. Any irregular behavior is flagged as intrusive. An initial training phase is required to statistically characterize how normal traffic for a given target application looks like. The system has been tested with a real web application as target and an artificial request generator as input. Experiments show that after the training phase, when the XML file is correctly configured, good results are obtained, with a very high detection rate and a very low false alarm rate.

Paper Citation

in Harvard Style

Perez-Villegas A. and Alvarez G. (2009). AN ANOMALY-BASED WEB APPLICATION FIREWALL . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 23-28. DOI: 10.5220/0002218900230028

in Bibtex Style

@conference{secrypt09,
author={Alejandro Perez-Villegas and Gonzalo Alvarez},
title={AN ANOMALY-BASED WEB APPLICATION FIREWALL},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={23-28},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002218900230028},
isbn={978-989-674-005-4},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - AN ANOMALY-BASED WEB APPLICATION FIREWALL
SN - 978-989-674-005-4
AU - Perez-Villegas A.
AU - Alvarez G.
PY - 2009
SP - 23
EP - 28
DO - 10.5220/0002218900230028