A Lightweight Tool for Detecting Web Server Attacks

Magnus Almgren*, Hervé Debar, Marc Dacier

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

58 Scopus citations

Abstract

We present an intrusion-detection tool aimed at protecting web servers, and justify why such a tool is needed. We describe several interesting features, such as the ability to run in real time and to keep track of suspicious hosts. The design is flexible and the signatures used to detect malicious behavior are not limited to simple pattern matching of dangerous cgi scripts. The tool includes mechanisms to reduce the number of false alarms. We conclude with a discussion of the information gained from deploying the tool at various sites.

Original languageEnglish (US)
Title of host publicationProceedings of the Symposium on Network and Distributed System Security, NDSS 2000
PublisherThe Internet Society
ISBN (Electronic)189156207X, 9781891562075
StatePublished - 2000
Event7th Symposium on Network and Distributed System Security, NDSS 2000 - San Diego, United States
Duration: Feb 3 2000Feb 4 2000

Publication series

NameProceedings of the Symposium on Network and Distributed System Security, NDSS 2000

Conference

Conference7th Symposium on Network and Distributed System Security, NDSS 2000
Country/TerritoryUnited States
CitySan Diego
Period02/3/0002/4/00

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'A Lightweight Tool for Detecting Web Server Attacks'. Together they form a unique fingerprint.

Cite this