A Visual Model for Web Applications Security Monitoring

  title={A Visual Model for Web Applications Security Monitoring},
  author={Dang Tran Tri and Tran Khanh Dang},
This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a human-assisted monitoring system is an indispensable complement, following the "Defense in depth" strategy. To support human operators working more effectively and efficiently, information visualization techniques are utilized in this model. A prototype… 

Figures from this paper


Web application security assessment by fault injection and behavior monitoring
The design of Web application security assessment mechanisms are analyzed in order to identify poor coding practices that render Web applications vulnerable to attacks such as SQL injection and cross-site scripting.
Anomaly detection of web-based attacks
An intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against web servers and web-based applications and derives automatically the parameter profiles associated with web applications from the analyzed data.
SecuBat: a web vulnerability scanner
SecuBat, a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities is developed.
Abstracting application-level web security
A scalable structuring mechanism facilitating the abstraction of security policies from large web-applications developed in heterogenous multi-platform environments is described and a tool which assists programmers develop secure applications which are resilient to a wide range of common attacks is presented.
A visualization paradigm for network intrusion detection
A novel paradigm for visual correlation of network alerts from disparate logs based on the notion that an alert must possess three attributes, namely: what, when, and where is presented, that leads to a flexible visualization tool that is also clear and intuitive to use.
Concepts for improved visualization of Web link attributes
A Visual Framework for Knowledge Discovery on the Web: An Empirical Study of Business Intelligence Exploration
Results show that knowledge map outperformed Kartoo, a commercial search engine with graphical display, in terms of effectiveness and efficiency, and Web community was found to be more effective, efficient, and usable than result list.
Crawling the Hidden Web
A generic operational model of a hidden Web crawler is introduced and how this model is realized in HiWE (Hidden Web Exposer), a prototype crawler built at Stanford is described.
The eyes have it: a task by data type taxonomy for information visualizations
  • B. Shneiderman
  • Computer Science
    Proceedings 1996 IEEE Symposium on Visual Languages
  • 1996
A task by data type taxonomy with seven data types and seven tasks (overview, zoom, filter, details-on-demand, relate, history, and extracts) is offered.
Discovery-Driven Exploration of OLAP Data Cubes
A method for locating data anomalies in a k dimensional data cube that includes the steps of associating a surprise value with each cell of a data cube, and indicating a data anomaly when the