Implement Web Attack Detection Engine with Snort by Using Modsecurity Core Rules
Authors
Abstract
In the Web 2.0 generation, network systems face the threat of Web attacks. Traditional network security devices such as firewalls and Intrusion Detection Systems can hardly confront this threat, since hackers often use multi-level or multi-type encoding attacks to evade Intrusion Detection Systems. An Intrusion Detection System usually relies on attack signatures and regular expressions to detect web attacks, but with limited efficiency. The open source Web Application Firewall “ModSecurity” can use its Core Rules to detect SQL Injection, Cross Site Scripting, Insecure Direct Object Reference and Cross Site Request Forgery attacks. The purpose of this paper is to give Snort the ability to detect web attacks by implementing a web attack detection engine that uses the Core Rule Sets of ModSecurity.
Similar resources
Towards Elimination of Cross-Site Scripting on Mobile Versions of Web Applications
In this paper, we address the overlooked problem of Cross-Site Scripting (XSS) on mobile versions of web applications. We have surveyed 100 popular mobile versions of web applications and detected XSS vulnerabilities in 81 of them. The inspected sites present a simplified version of the desktop web application for mobile devices; the survey includes sites by Nokia, Intel, MailChimp, Dictionary, ...
SensorWebIDS: a web mining intrusion detection system
Purpose of this Paper: The paper proposes a web intrusion detection system, SensorWebIDS, which applies data mining, anomaly and misuse intrusion detection in a web environment. Design Approach: SensorWebIDS has three main components: the Network Sensor for extracting parameters from real-time network traffic, the Log Digger for extracting parameters from web log files and the Audit Engine for analyz...
Building intrusion pattern miner for Snort network intrusion detection system
In this paper, we enhance the functionality of the Snort network-based intrusion detection system so that it can automatically generate patterns of misuse from attack data and detect sequential intrusion behaviors. To that end, we implement an intrusion pattern discovery module which applies a data mining technique to extract single intrusion patterns and sequential intrusion patterns from a col...
Rule-Based Network Intrusion Detection System for Port Scanning with Efficient Port Scan Detection Rules Using Snort
In the field of network security, researchers have implemented different models to secure the network. The Intrusion Detection System is one of them, and Snort is an open source tool for intrusion detection and prevention. Today, the Intrusion Detection System is a growing technology in network security and most researchers have focused on this field; some of them used signature or rule-bas...
(WHASG) Automatic SNORT Signatures Generation by using Honeypot
An intrusion detection system (IDS) is an important network security component that is used to monitor network traffic and detect attack attempts. A signature-based intrusion detection system relies on a set of predefined signatures to detect an attack. Due to “zero-day” attacks (i.e. new unknown attacks), a conventional IDS will not be able to detect these new attacks until the signatures are upd...