Detecting attacks against data in web applications

Romaric Ludinard; Éric Totel; Frédéric Tronel; Vincent Nicomette; Mohamed Kaâniche; Éric Alata; Rim Akrout; Yann Bachy

doi:10.1109/CRISIS.2012.6378943

Detecting attacks against data in web applications

Romaric Ludinard
, Éric Totel
, Frédéric Tronel
, Vincent Nicomette
, Mohamed Kaâniche
, Éric Alata
, Rim Akrout
, Yann Bachy

Supelec
LAAS-CNRS
Université Paul Sabatier

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system for applications implemented with the Ruby on Rails framework. It is aimed at detecting attacks against data in the context of web applications. This anomaly based IDS focuses on the modeling of the application profile in the absence of attacks (called normal profile) using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

Original language	English
Title of host publication	7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012
DOIs	https://doi.org/10.1109/CRISIS.2012.6378943
Publication status	Published - 1 Dec 2012
Externally published	Yes
Event	7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012 - Cork, Ireland Duration: 10 Oct 2012 → 12 Oct 2012

Publication series

Name	7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012

Conference

Conference	7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012
Country/Territory	Ireland
City	Cork
Period	10/10/12 → 12/10/12

Access to Document

10.1109/CRISIS.2012.6378943

Cite this

Ludinard, R., Totel, É., Tronel, F., Nicomette, V., Kaâniche, M., Alata, É., Akrout, R., & Bachy, Y. (2012). Detecting attacks against data in web applications. In 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012 Article 6378943 (7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012). https://doi.org/10.1109/CRISIS.2012.6378943

@inproceedings{ec3e66e4ccd04cf589a78ac1f04a6b4d,

title = "Detecting attacks against data in web applications",

abstract = "RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system for applications implemented with the Ruby on Rails framework. It is aimed at detecting attacks against data in the context of web applications. This anomaly based IDS focuses on the modeling of the application profile in the absence of attacks (called normal profile) using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.",

author = "Romaric Ludinard and {\'E}ric Totel and Fr{\'e}d{\'e}ric Tronel and Vincent Nicomette and Mohamed Ka{\^a}niche and {\'E}ric Alata and Rim Akrout and Yann Bachy",

year = "2012",

month = dec,

day = "1",

doi = "10.1109/CRISIS.2012.6378943",

language = "English",

isbn = "9781467330893",

series = "7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012",

booktitle = "7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012",

note = "7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012 ; Conference date: 10-10-2012 Through 12-10-2012",

}

Ludinard, R, Totel, É, Tronel, F, Nicomette, V, Kaâniche, M, Alata, É, Akrout, R & Bachy, Y 2012, Detecting attacks against data in web applications. in 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012., 6378943, 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012, 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012, Cork, Ireland, 10/10/12. https://doi.org/10.1109/CRISIS.2012.6378943

Detecting attacks against data in web applications. / Ludinard, Romaric; Totel, Éric; Tronel, Frédéric et al.
7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012. 2012. 6378943 (7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detecting attacks against data in web applications

AU - Ludinard, Romaric

AU - Totel, Éric

AU - Tronel, Frédéric

AU - Nicomette, Vincent

AU - Kaâniche, Mohamed

AU - Alata, Éric

AU - Akrout, Rim

AU - Bachy, Yann

PY - 2012/12/1

Y1 - 2012/12/1

N2 - RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system for applications implemented with the Ruby on Rails framework. It is aimed at detecting attacks against data in the context of web applications. This anomaly based IDS focuses on the modeling of the application profile in the absence of attacks (called normal profile) using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

AB - RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system for applications implemented with the Ruby on Rails framework. It is aimed at detecting attacks against data in the context of web applications. This anomaly based IDS focuses on the modeling of the application profile in the absence of attacks (called normal profile) using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.

U2 - 10.1109/CRISIS.2012.6378943

DO - 10.1109/CRISIS.2012.6378943

M3 - Conference contribution

AN - SCOPUS:84872070540

SN - 9781467330893

T3 - 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012

BT - 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012

T2 - 7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012

Y2 - 10 October 2012 through 12 October 2012

ER -

Detecting attacks against data in web applications

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this