Swaddler: an approach for the anomaly-based detection of state violations in web applications. Cova, M., Balzarotti, D., Felmetsger, V., & Vigna, G. In Proc. of the 10th Int'l Conf. on Recent advances in intrusion detection, pages 63--86, 2007.
In recent years, web applications have become tremendously popular, and nowadays they are routinely used in security-critical environments, such as medical, financial, and military systems. As the use of web applications for critical services has increased, the number and sophistication of attacks against these applications have grown as well. Most approaches to the detection of web-based attacks analyze the interaction of a web application with its clients and back-end servers. Even though these approaches can effectively detect and block a number of attacks, there are attacks that cannot be detected only by looking at the external behavior of a web application. In this paper, we present Swaddler, a novel approach to the anomaly-based detection of attacks against web applications. Swaddler analyzes the internal state of a web application and learns the relationships between the application's critical execution points and the application's internal state. By doing this, Swaddler is able to identify attacks that attempt to bring an application in an inconsistent, anomalous state, such as violations of the intended workflow of a web application. We developed a prototype of our approach for the PHP language and we evaluated it with respect to several real-world applications.
@inproceedings{cova_swaddler:_2007,
	title = {Swaddler: an approach for the anomaly-based detection of state violations in web applications},
	shorttitle = {Swaddler},
	abstract = {In recent years, web applications have become tremendously popular, and nowadays they are routinely used in security-critical environments, such as medical, financial, and military systems. As the use of web applications for critical services has increased, the number and sophistication of attacks against these applications have grown as well. Most approaches to the detection of web-based attacks analyze the interaction of a web application with its clients and back-end servers. Even though these approaches can effectively detect and block a number of attacks, there are attacks that cannot be detected only by looking at the external behavior of a web application. In this paper, we present Swaddler, a novel approach to the anomaly-based detection of attacks against web applications. Swaddler analyzes the internal state of a web application and learns the relationships between the application's critical execution points and the application's internal state. By doing this, Swaddler is able to identify attacks that attempt to bring an application in an inconsistent, anomalous state, such as violations of the intended workflow of a web application. We developed a prototype of our approach for the PHP language and we evaluated it with respect to several real-world applications.},
	urldate = {2012-03-23TZ},
	booktitle = {Proc. of the 10th {Int}'l {Conf}. on {Recent} advances in intrusion detection},
	author = {Cova, Marco and Balzarotti, Davide and Felmetsger, Viktoria and Vigna, Giovanni},
	year = {2007},
	keywords = {anomaly detection, code instrumentation, dynamic analysis, web attacks},
	pages = {63--86}
}
