An Efficient Detecting Scheme of Web-based Attacks through Monitoring HTTP Outbound Traffics

  • Received : 2010.09.30
  • Accepted : 2010.10.25
  • Published : 2011.01.31

Abstract

A hierarchical web security system is a common defense against web-based attacks, but it cannot keep up with evasive or compound attacks. In this paper, we propose an efficient scheme for detecting web-based attacks such as malware distribution, XSS, webshell creation, URL spoofing, and private-information exposure by monitoring HTTP outbound traffic in real time. The proposed scheme detects web-based attacks by comparing the outbound traffic against signatures derived from the HTML tags or JavaScript code that such attacks create. Through verification in a real attack environment, we show that our scheme, installed in a hierarchical web security system, has superior detection capability for evasive web-based attacks.
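As an added illustration in the spirit of the scheme described above (this is not the paper's own code or signature set), the following Python sketch parses a raw HTTP response, checks that the body is HTML, and matches it against a small set of signatures; the signatures, the header parsing, and the sample responses are all constructed for this example.

```python
import re
from typing import List, Tuple

# Illustrative signatures (constructed for this example, not the paper's set):
# each maps an attack symptom named in the abstract to a pattern that would
# appear in the HTML/JavaScript of a compromised page served to a client.
SIGNATURES = {
    "malware_distribution": re.compile(
        r"<iframe[^>]*\b(width|height)\s*=\s*['\"]?0\b", re.I),
    "xss_injection": re.compile(
        r"<script[^>]*>[^<]*document\.cookie", re.I),
    "webshell": re.compile(
        r"<form[^>]*>.*?<input[^>]*name\s*=\s*['\"]?cmd\b", re.I | re.S),
    "url_spoofing": re.compile(
        r"window\.location\s*=\s*['\"]https?://", re.I),
}

def split_response(raw: bytes) -> Tuple[dict, str]:
    """Split a raw HTTP response into a lower-cased header dict and a body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body.decode("utf-8", errors="replace")

def inspect_outbound(raw: bytes) -> List[str]:
    """Return the names of the signatures that match an outbound response.
    Only HTML bodies are inspected; other content types pass through."""
    headers, body = split_response(raw)
    if "text/html" not in headers.get("content-type", ""):
        return []
    return [name for name, pat in SIGNATURES.items() if pat.search(body)]

# Constructed sample responses for demonstration
CLEAN = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
         b"<html><body><h1>Welcome</h1></body></html>")
INFECTED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            b"<html><body>Hello"
            b"<iframe src='http://example.invalid/x' width=0 height=0></iframe>"
            b"</body></html>")

if __name__ == "__main__":
    print(inspect_outbound(CLEAN))     # []
    print(inspect_outbound(INFECTED))  # ['malware_distribution']
```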

Cited by

  1. A Validation Technique for Intrusion Detection Events Using TF-IDF, vol.28, pp.6, 2018, https://doi.org/10.13089/jkiisc.2018.28.6.1489