Intelligent On-Off Web Defacement Attacks and Random Monitoring-Based Detection Algorithms

被引:3
|
作者
Cho, Youngho [1 ]
机构
[1] Korea Natl Def Univ, Grad Sch Natl Def Management, Dept Comp Engn, Nonsan 33021, South Korea
关键词
web defacement attack; on-off strategy; random monitoring algorithm; web security;
D O I
10.3390/electronics8111338
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Recent cyberattacks armed with various ICT (information and communication technology) techniques are becoming advanced, sophisticated and intelligent. In security research field and practice, it is a common and reasonable assumption that attackers are intelligent enough to discover security vulnerabilities of security defense mechanisms and thus avoid the defense systems' detection and prevention activities. Web defacement attacks refer to a series of attacks that illegally modify web pages for malicious purposes, and are one of the serious ongoing cyber threats that occur globally. Detection methods against such attacks can be classified into either server-based approaches or client-based approaches, and there are pros and cons for each approach. From our extensive survey on existing client-based defense methods, we found a critical security vulnerability which can be exploited by intelligent attackers. In this paper, we report the security vulnerability in existing client-based detection methods with a fixed monitoring cycle and present novel intelligent on-off web defacement attacks exploiting such vulnerability. Next, we propose to use a random monitoring strategy as a promising countermeasure against such attacks, and design two random monitoring defense algorithms: (1) Uniform Random Monitoring Algorithm (URMA), and (2) Attack Damage-Based Random Monitoring Algorithm (ADRMA). In addition, we present extensive experiment results to validate our idea and show the detection performance of our random monitoring algorithms. According to our experiment results, our random monitoring detection algorithms can quickly detect various intelligent web defacement on-off attacks (AM1, AM2, and AM3), and thus do not allow huge attack damage in terms of the number of defaced slots when compared with an existing fixed periodic monitoring algorithm (FPMA).
引用
收藏
页数:19
相关论文
共 50 条
  • [21] Design of Intelligent Monitoring System Based on Embedded Web
    Liu Yucheng
    Liu Yu Bin
    2009 INTERNATIONAL FORUM ON INFORMATION TECHNOLOGY AND APPLICATIONS, VOL 2, PROCEEDINGS, 2009, : 521 - +
  • [22] An Adaptive Anomaly Detection of WEB-based Attacks
    Kai, Wen
    Fan, Guo
    PROCEEDINGS OF 2012 7TH INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE & EDUCATION, VOLS I-VI, 2012, : 690 - 694
  • [23] Detection of Active Attacks Based on Random Orthogonal Pilots
    Hou, Xiaoyun
    Gao, Chunlong
    Zhu, Yan
    Yang, Shuo
    2016 8TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS & SIGNAL PROCESSING (WCSP), 2016,
  • [24] A Kind of On-off Control Method Based on EEG Dimension Complexity Detection
    Wang, Hong
    Li, Chunsheng
    Zhao, Haibin
    Liu, Chong
    ICMIT 2009: MECHATRONICS AND INFORMATION TECHNOLOGY, 2010, 7500
  • [25] Detection of glucose based on reversible "on-off" fluorescence systems in aqueous solution
    Feng, Liheng
    Wang, Yue
    Liang, Fei
    Wang, Xiaoju
    Zhang, Liwei
    SENSORS AND ACTUATORS B-CHEMICAL, 2011, 156 (01) : 499 - 503
  • [26] Micromotor-based on-off fluorescence detection of sarin and soman simulants
    Singh, Virendra V.
    Kaufmann, Kevin
    Orozco, Jahir
    Li, Jinxing
    Galarnyk, Michael
    Arya, Gaurav
    Wang, Joseph
    CHEMICAL COMMUNICATIONS, 2015, 51 (56) : 11190 - 11193
  • [27] Mitigating On-Off attacks in reputation-based secure data aggregation for wireless sensor networks
    Alzaid, Hani
    Foo, Ernest
    Nieto, Juan Gonzalez
    Ahmed, Ejaz
    SECURITY AND COMMUNICATION NETWORKS, 2012, 5 (02) : 125 - 144
  • [28] Study of the Detection of Histidine Based on "On-Off" Fluorescence Probe of Carbon Dots
    Tao Hui-lin
    Liao Xiu-fen
    Sun Chao
    Zhou Su-lian
    Zhong Fu-xin
    Yi Zhong-sheng
    Lu Yan-qun
    SPECTROSCOPY AND SPECTRAL ANALYSIS, 2016, 36 (04) : 1013 - 1016
  • [29] An Intelligent Detection System for SQL Attacks on Web IDS in a Real-Time Application
    Maheswari, K. G.
    Anita, R.
    PROCEEDINGS OF THE 3RD INTERNATIONAL SYMPOSIUM ON BIG DATA AND CLOUD COMPUTING CHALLENGES (ISBCC - 16'), 2016, 49 : 93 - 99
  • [30] Detection of hydrogen sulfide using BODIPY based colorimetric and fluorescent on-off chemosensor
    Paul, Navendu
    Sarkar, Rudra
    Sarkar, Ripon
    Barui, Ananya
    Sarkar, Sabyasachi
    JOURNAL OF CHEMICAL SCIENCES, 2019, 132 (01)