{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,3,31]],"date-time":"2022-03-31T02:49:12Z","timestamp":1648694952375},"reference-count":19,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,1]]},"abstract":"<jats:p>RRABIDS (Ruby on Rails Anomaly Based Intrusion Detection System) is an application level intrusion detection system (IDS) for applications implemented with the Ruby on Rails framework. The goal of this intrusion detection system is to detect attacks against data in the context of web applications. This anomaly based IDS focuses on the modelling of the normal application profile using invariants. These invariants are discovered during a learning phase. Then, they are used to instrument the web application at source code level, so that a deviation from the normal profile can be detected at run-time. This paper illustrates on simple examples how the approach detects well-known categories of web attacks that involve a state violation of the application, such as SQL injections. Finally, an assessment phase is performed to evaluate the accuracy of the detection provided by the proposed approach.<\/jats:p>","DOI":"10.4018\/ijsse.2014010102","type":"journal-article","created":{"date-parts":[[2014,6,17]],"date-time":"2014-06-17T14:03:29Z","timestamp":1403013809000},"page":"19-38","source":"Crossref","is-referenced-by-count":0,"title":["An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications"],"prefix":"10.4018","volume":"5","author":[{"given":"Romaric","family":"Ludinard","sequence":"first","affiliation":[{"name":"Sup\u00e9lec, Cesson-Sevign\u00e9, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"\u00c9ric","family":"Totel","sequence":"additional","affiliation":[{"name":"Sup\u00e9lec, Cesson-Sevign\u00e9, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fr\u00e9d\u00e9ric","family":"Tronel","sequence":"additional","affiliation":[{"name":"Sup\u00e9lec, Cesson-Sevign\u00e9, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vincent","family":"Nicomette","sequence":"additional","affiliation":[{"name":"CNRS, LAAS, Toulouse, France & INSA, LAAS, Universit\u00e9 de Toulouse, Toulouse, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed","family":"Ka\u00e2niche","sequence":"additional","affiliation":[{"name":"CNRS, LAAS, Toulouse, France & Universit\u00e9 de Toulouse, Toulouse, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"\u00c9ric","family":"Alata","sequence":"additional","affiliation":[{"name":"CNRS, LAAS, Toulouse, France & INSA, LAAS, Universit\u00e9 de Toulouse, Toulouse, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rim","family":"Akrout","sequence":"additional","affiliation":[{"name":"CNRS, LAAS, Toulouse, France & LAAS, Universit\u00e9 de Toulouse, Toulouse, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yann","family":"Bachy","sequence":"additional","affiliation":[{"name":"CNRS, LAAS, Toulouse, France & LAAS, Universit\u00e9 de Toulouse, Toulouse, France"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"2432","reference":[{"key":"ijsse.2014010102-0","doi-asserted-by":"crossref","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., & Ligatti, J. (2005). Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security.","DOI":"10.1145\/1102120.1102165"},{"key":"ijsse.2014010102-1","doi-asserted-by":"crossref","unstructured":"Akritidis, P., Cadar, C., Raiciu, C., Costa, M., & Castro, M. (2008). Preventing memory error exploits with WIT. In Proceedings of the IEEE Symposium on Security and Privacy.","DOI":"10.1109\/SP.2008.30"},{"key":"ijsse.2014010102-2","first-page":"12747","author":"R.Akrout","year":"2012","journal-title":"Analyse de vuln\u00e9rabilit\u00e9s et \u00e9valuation de syst\u00e8mes de d\u00e9tection d'intrusions pour les applications web"},{"key":"ijsse.2014010102-3","doi-asserted-by":"crossref","unstructured":"Bau, J., Bursztein, E., Gupta, D., & Mitchell, J. (2010). State of the art: Automated black-box web application vulnerability testing. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA.","DOI":"10.1109\/SP.2010.27"},{"key":"ijsse.2014010102-4","unstructured":"Castro, M., Costa, M., & Harris, T. (2006). Securing software by enforcing data-flow integrity. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation."},{"key":"ijsse.2014010102-5","author":"L.Cavallaro","year":"2008","journal-title":"Anomalous taint detection: Secure systems laboratory"},{"key":"ijsse.2014010102-6","doi-asserted-by":"crossref","unstructured":"Cova, M., Balzarotti, D., Felmetsger, V., & Vigna, G. (2007). Swaddler: An approach for the anomaly-based detection of state violations in web applications. In Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), Gold Coast, Australia.","DOI":"10.1007\/978-3-540-74320-0_4"},{"key":"ijsse.2014010102-7","doi-asserted-by":"crossref","unstructured":"d'Ausbourg, B. (1994). Implementing secure dependencies over a network by designing a distributed security subsystem. In Proceedings of the Third European Symposium on Research in Computer Security (ESORICS'94).","DOI":"10.1007\/3-540-58618-0_68"},{"key":"ijsse.2014010102-8","doi-asserted-by":"crossref","unstructured":"Dessiatnikoff, A., Akrout, R., Alata, E., Ka\u00e2niche, M., & Nicomette, V. (2011). A clustering approach for web vulnerabilities detection. In Proceedings of the 17th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC-2011), Pasadena, CA.","DOI":"10.1109\/PRDC.2011.31"},{"key":"ijsse.2014010102-9","doi-asserted-by":"crossref","unstructured":"Doup\u00e9, A., Cova, M., & Vigna, G. (2010). Why Johnny can't pentest: An analysis of black-box web vulnerability scanners. In Proceedings of the DIMVA 2010.","DOI":"10.1007\/978-3-642-14215-4_7"},{"key":"ijsse.2014010102-10","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2007.01.015"},{"key":"ijsse.2014010102-11","unstructured":"Felmetsger, V., Cavedon, L., Kruegel, C., & Vigna, G. (2010). Toward automated detection of logic vulnerabilities in web applications. In Proceedings of the 19th USENIX Security Symposium, Washington, DC."},{"key":"ijsse.2014010102-12","unstructured":"IBM. (2012). X-Force 2012 mid-year trend and risk report. Retrieved from http:\/\/www-01.ibm.com\/common\/ssi\/cgi-bin\/ssialias?infotype= SA&sub-type=WH&htmlfid=WGL03014USEN"},{"key":"ijsse.2014010102-13","doi-asserted-by":"crossref","unstructured":"Karr, M. (1976). Affine relationships among variables of a program. In Proceedings of the Acta Informatica.","DOI":"10.1007\/BF00268497"},{"key":"ijsse.2014010102-14","unstructured":"Kiriansky, V., Bruening, D., & Amarasinghe, S. (2002). Secure execution via program shepherding. In Proceedings of the Usenix Security Symposium."},{"key":"ijsse.2014010102-15","doi-asserted-by":"crossref","unstructured":"Ludinard, R., Totel, E., Tronel, F., Nicomette, V., Ka\u00e2niche, M., Alata, E., et al. (2012). Detecting attacks against data in web applications. In Proceedings of the International Conference on Risks and Security of Internet and Systems (CRiSIS 2012), Cork, UK.","DOI":"10.1109\/CRISIS.2012.6378943"},{"key":"ijsse.2014010102-16","unstructured":"Robertson, W. K., Vigna, G., Kruegel, C., & Kemmerer, R. A. (2006, February). Using generalization and characterization techniques in the anomaly-based detection of web attacks. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2006), San Diego, CA."},{"key":"ijsse.2014010102-17","doi-asserted-by":"crossref","unstructured":"Sarrouy, O., Totel, E., & Jouga, B. (2009). Application data consistency checking for anomaly based intrusion detection. In Proceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS 2009), Lyon, France.","DOI":"10.1007\/978-3-642-05118-0_50"},{"key":"ijsse.2014010102-18","doi-asserted-by":"crossref","unstructured":"Vigna, G., Robertson, W., Kher, V., & Kemmerer, R. A. (2003). A stateful intrusion detection system for world-wide web servers. In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2003), Las Vegas, NV.","DOI":"10.1109\/CSAC.2003.1254308"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=109579","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,11,21]],"date-time":"2018-11-21T02:38:52Z","timestamp":1542767932000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijsse.2014010102"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,1]]},"references-count":19,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2014010102","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,1]]}}}