- Byungha Choi
  Dankook University, Yongin-si, Gyeonggi-do, Korea
  notanything@hanmail.net
- Kyungsan Cho
  Dankook University, Yongin-si, Gyeonggi-do, Korea
  kscho@dankook.ac.kr
Detection of Insider Attacks to the Web Server
In this paper, we propose a detection scheme that protects the Web server from insider attacks, which reveal confidential or private information or spread malware through the Web, by inspecting outbound HTTP traffic. The proposed scheme has a two-step hierarchy consisting of a signature-based detector using Snort and an anomaly-based detector using an HMM. Verification analysis in an attacked Web server environment shows that the proposed scheme improves the detection rate.