
Cross-domain Collaborative Anomaly Detection: So Far Yet So Close

Nathaniel Gordon Boggs; Sharath Hiremagalore; Angelos Stavrou; Salvatore Stolfo

Title:
Cross-domain Collaborative Anomaly Detection: So Far Yet So Close
Author(s):
Boggs, Nathaniel Gordon
Hiremagalore, Sharath
Stavrou, Angelos
Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Part Number:
6961
Book/Journal Title:
Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011: Proceedings
Book Author:
Sommer, Robin
Publisher:
Springer
Publisher Location:
New York
Abstract:
Web applications have emerged as the primary means of access to vital and sensitive services such as online payment systems and databases storing personally identifiable information. Unfortunately, the need for ubiquitous and often anonymous access exposes web servers to adversaries. Indeed, network-borne zero-day attacks pose a critical and widespread threat to web servers that cannot be mitigated by the use of signature-based intrusion detection systems. To detect previously unseen attacks, we correlate web requests containing user-submitted content across multiple web servers that is deemed abnormal by local Content Anomaly Detection (CAD) sensors. The cross-site information exchange happens in real time, leveraging privacy-preserving data structures. We filter out high-entropy and rarely seen legitimate requests, reducing the amount of data and time an operator has to spend sifting through alerts. Our results come from a fully working prototype using eleven weeks of real-world data from production web servers. During that period, we identify at least three application-specific attacks not belonging to an existing class of web attacks as well as a wide range of traditional classes of attacks including SQL injection, directory traversal, and code inclusion without using human-specified knowledge or input.
Subject(s):
Computer science
