Abstract:
The security of web services is nowadays one of the major concerns for Internet users. Web services may manage confidential information, monetary transactions, or even he...View moreMetadata
Abstract:
The security of web services is nowadays one of the major concerns for Internet users. Web services may manage confidential information, monetary transactions, or even health-critical systems, such as those employed in public airports or hospitals. A key problem of web services is that they should work as expected even in the presence of malicious inputs. Unfortunately, with the increasing complexity of web services, this task becomes more and more challenging. In this paper we present SuStorID, a multiple classifier system which is able to model legitimate inputs towards web services, given a sample of web traffic. If anomalous inputs are detected, web services are protected according to a set of anomaly templates. Our experiments, performed on a production environment, highlight that our system can accurately detect web attacks and help security operators to protect their web services against known and unknown attacks.
Date of Conference: 11-15 November 2012
Date Added to IEEE Xplore: 14 February 2013
ISBN Information:
ISSN Information:
Conference Location: Tsukuba, Japan