An Invariant-based Approach for Detecting Attacks against Data in Web Applications

Romaric Ludinard 1 Eric Totel 1 Frédéric Tronel 1 Vincent Nicomette 2 Mohamed Kaâniche 2 Eric Alata 2 Rim Akrout 2 Yann Bachy 2
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
2 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes [Toulouse]
Abstract : RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application levelintrusion detection system (IDS) for applications implemented with the Ruby on Railsframework. The goal of this intrusion detection system is to detect attacks against data in thecontext of web applications. This anomaly based IDS focuses on the modelling of the normalapplication profile using invariants. These invariants are discovered during a learning phase.Then, they are used to instrument the web application at source code level, so that a deviationfrom the normal profile can be detected at run-time. This paper illustrates on simple exampleshow the approach detects well-known categories of web attacks that involve a state violation ofthe application, such as SQL injections. Finally, an assessment phase is performed to evaluatethe accuracy of the detection provided by the proposed approach.
Keywords : invariant discovery intrusion detection invariant checking web applications
Type de document :
Article dans une revue
Liste complète des métadonnées

Littérature citée [18 références]  Voir  Masquer  Télécharger
https://hal.inria.fr/hal-01083296
Contributeur : Frédéric Tronel <>
Soumis le : lundi 17 novembre 2014 - 09:26:14
Dernière modification le : mercredi 20 février 2019 - 10:24:03
Document(s) archivé(s) le : vendredi 14 avril 2017 - 13:54:15

Fichier

IJSSE_APA4_def.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

INSTITUT-TELECOM | UNIV-RENNES1 | INRIA | SUP_CIDRE | IRISA-D1 | IRISA | UNIV-TLSE3 | LAAS-INFORMATIQUE-CRITIQUE | INSA-TOULOUSE | UR1-UFR-ISTIC | UNIV-RENNES | LAAS-TSF | LAAS

Citation

Romaric Ludinard, Eric Totel, Frédéric Tronel, Vincent Nicomette, Mohamed Kaâniche, et al.. An Invariant-based Approach for Detecting Attacks against Data in Web Applications. International Journal of Secure Software Engineering, 2014, 5 (1), pp.19-38. 〈http://www.igi-global.com/article/an-invariant-based-approach-for-detecting-attacks-against-data-in-web-applications/109579〉. 〈10.4018/ijsse.2014010102〉. 〈hal-01083296〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

823

Téléchargements de fichiers

402

Contact


archive-ouverte@inria.fr