WebAnalyzer: Accurate detection of HTTP attack traces in web server logs

Hervé Debar; Elvis Tombini

doi:10.1007/BF03219929

WebAnalyzer: Accurate detection of HTTP attack traces in web server logs

Hervé Debar
, Elvis Tombini

Orange Labs

Research output: Contribution to journal › Article › peer-review

Abstract

This paper presents a tool for detecting attacks against web server, using the analysis of web server log files. The main characteristic of this tool is its accuracy, being able to carefully graduate its analysis according to the actual success of the attacker. This capability is based on the design of a simple yet powerful signature definition language. We demonstrate the accuracy of the tool using a set of log lines representing several attack conditions and attack results.

Original language	English
Pages (from-to)	682-704
Number of pages	23
Journal	Annales des Telecommunications/Annals of Telecommunications
Volume	61
Issue number	5-6
DOIs	https://doi.org/10.1007/BF03219929
Publication status	Published - 1 Jan 2006
Externally published	Yes

Keywords

Data analysis
Internet security
Intrusion detection
Web server

Access to Document

10.1007/BF03219929

Cite this

@article{ad371c894d2b4d52816cf57d35f44ed4,

title = "WebAnalyzer: Accurate detection of HTTP attack traces in web server logs",

abstract = "This paper presents a tool for detecting attacks against web server, using the analysis of web server log files. The main characteristic of this tool is its accuracy, being able to carefully graduate its analysis according to the actual success of the attacker. This capability is based on the design of a simple yet powerful signature definition language. We demonstrate the accuracy of the tool using a set of log lines representing several attack conditions and attack results.",

keywords = "Data analysis, Internet security, Intrusion detection, Web server",

author = "Herv{\'e} Debar and Elvis Tombini",

year = "2006",

month = jan,

day = "1",

doi = "10.1007/BF03219929",

language = "English",

volume = "61",

pages = "682--704",

journal = "Annales des Telecommunications/Annals of Telecommunications",

issn = "0003-4347",

number = "5-6",

}

TY - JOUR

T1 - WebAnalyzer

T2 - Accurate detection of HTTP attack traces in web server logs

AU - Debar, Hervé

AU - Tombini, Elvis

PY - 2006/1/1

Y1 - 2006/1/1

N2 - This paper presents a tool for detecting attacks against web server, using the analysis of web server log files. The main characteristic of this tool is its accuracy, being able to carefully graduate its analysis according to the actual success of the attacker. This capability is based on the design of a simple yet powerful signature definition language. We demonstrate the accuracy of the tool using a set of log lines representing several attack conditions and attack results.

AB - This paper presents a tool for detecting attacks against web server, using the analysis of web server log files. The main characteristic of this tool is its accuracy, being able to carefully graduate its analysis according to the actual success of the attacker. This capability is based on the design of a simple yet powerful signature definition language. We demonstrate the accuracy of the tool using a set of log lines representing several attack conditions and attack results.

KW - Data analysis

KW - Internet security

KW - Intrusion detection

KW - Web server

UR - https://www.scopus.com/pages/publications/33747125460

U2 - 10.1007/BF03219929

DO - 10.1007/BF03219929

M3 - Article

AN - SCOPUS:33747125460

SN - 0003-4347

VL - 61

SP - 682

EP - 704

JO - Annales des Telecommunications/Annals of Telecommunications

JF - Annales des Telecommunications/Annals of Telecommunications

IS - 5-6

ER -

WebAnalyzer: Accurate detection of HTTP attack traces in web server logs

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this