Paper 1

Visualizing web attack scenarios in space and time coordinate systems

Authors: Tran Tri Dang, Tran Khanh Dang

Volume 16 (2014)

Abstract

Intrusion Detection Systems can detect attacks and notify responsible people of these events automatically. However, seeing individual attacks, although useful, is often not enough to understand the whole attack process or the skills and motivations of the attackers. The attack step is usually just one phase of the whole intrusion process, in which attackers gather information and prepare the required conditions before executing it, and clear log records to hide their traces after executing it. Current approaches to constructing attack scenarios require predefining cause-and-effect relationships between events, which is a difficult and time-consuming task. In this work, we exploit the linking nature between pages in web applications to propose an attack scenario construction technique that does not need cause-and-effect relationships to be predefined. The constructed scenarios are then visualized in space and time coordinate systems to support viewing and analysis. We also develop a prototype implementation based on the proposal and use it to experiment with different simulated attack scenarios.