
Publication

Prototype application to detect malicious network traffic with case-based reasoning and SEASALT

Jakob Schoenborn; Klaus-Dieter Althoff
In: Hayley Borck; Viktor Eisenstadt (Eds.). Workshop Proceedings. International Conference on Case-Based Reasoning (ICCBR-2021), September 13-16, Salamanca, Spain, CEUR, 2021.

Abstract

The number of criminal online activities is rising. Protective measures such as firewalls and intrusion detection systems are being actively developed. We accompany this development by offering a case-based reasoning prototype to detect similar attacks based on previous cases. The instantiation of the SEASALT framework allows us to distinguish between two different views on network traffic: the request itself, and the traffic overall. Here, the focus has been set on SQL injections and cross-site scripting - two of the most commonly used attack vectors in the last decade. As we store cases containing these attacks, we are able to detect slightly similar attacks, which would be difficult to detect, for example, by a set of rules. Depending on the use case, we identified up to 16 relevant attributes, predominantly text attributes. However, the similarity assessment needs improvement to reduce the rate of false positives.
