A Self-learning Anomaly-Based Web Application Firewall | SpringerLink
Skip to main content
Springer Nature Link
Log in

A Self-learning Anomaly-Based Web Application Firewall

  • Conference paper
Computational Intelligence in Security for Information Systems

Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 63))

Abstract

A simple and effective web application firewall is presented. This system follows the anomalous approach, therefore it can detect both known and unknown web attacks. The system decides whether the incoming requests are attacks or not aided by an XML file. The XML file contains the normal behavior of the target web application statistically characterized and is built from a set of normal requests artificially generated. Any request which deviates from the normal behavior is considered anomalous. The system has been applied to protect a real web application. An increasing number of training requests have been used to train the system. Experiments show that when the XML file has enough data to closely characterize the normal behaviour of the target web application, a very high detection rate is reached while the false alarm rate ramains very low.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 17159
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 21449
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Alvarez, G., Petrovic, S.: A new taxonomy of Web attacks suitable for efficient encoding. Computers and Security 22(5), 453–449 (2003)

    Google Scholar 

  2. Patcha, A., Park, J.: An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks 51(12), 3448–3470 (2007)

    Article  Google Scholar 

  3. Kruegel, C., Vigna, G., Robertson, W.: A multi-model approach to the detection of web-based attacks. Computer Networks 48(5), 717–738 (2005)

    Article  Google Scholar 

  4. Estévez-Tapiador, J., García-Teodoro, P., Díaz-Verdejo, J.: Measuring normality in HTTP traffic for anomaly-based intrusion detection. Computer Networks 45(2), 175–193 (2004)

    Article  Google Scholar 

  5. Bolzoni, D., Zambon, E.: Sphinx: An anomaly-based web intrusion detection system. In: Workshop on Intrusion Detection Systems, Utrecht, The Netherlands, 14 pages (2007)

    Google Scholar 

  6. ModSecurity. Open Source signature-based Web Application Firewall (2009), http://www.modsecurity.org

  7. Provost, F., Fawcett, T., Kohavi, R.: The case against accuracy estimation for comparing induction algorithms. In: Proceedings of the 15th International Conference on Machine Learning. Morgan Kaufmann, San Francisco (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Instituto de Física Aplicada, Consejo Superior de Investigaciones Científicas, Serrano 144, 28006, Madrid, Spain

    Carmen Torrano-Gimenez, Alejandro Perez-Villegas & Gonzalo Alvarez

Authors
  1. Carmen Torrano-Gimenez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alejandro Perez-Villegas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gonzalo Alvarez
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Grupo de Inteligencia, Computacional Aplicada, Área de Lenguajes y, Sistemas Informáticos, Escuela Politécnica Superior, Universidad de Burgos , Calle Francisco de Vitoria S/N, Edifico C, 09006, Burgos, Spain

    Álvaro Herrero

  2. Dept. of Biophysical and Electronic Engineering, Genova University , Via Opera Pia 11a, 16145, Genova, Italy

    Paolo Gastaldo

  3. Dept. of Biophysical and Electronic Engineering, Genova University , Via Opera Pia 11a, 16145, Genova, Italy

    Rodolfo Zunino

  4. Grupo de Inteligencia, Computacional Aplicada, Área de Lenguajes y Sistemas Informáticos, Escuela Politénica Superior, Universidad de Burgos , Calle Francisco de Vitoria S/N, Edifico C, 09006, Burgos, Spain

    Emilio Corchado

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G. (2009). A Self-learning Anomaly-Based Web Application Firewall. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol 63. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04091-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04091-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04090-0

  • Online ISBN: 978-3-642-04091-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics