Web Security: Research Challenges and Open Issues

  • Conference paper
Advances in Computer, Communication, Control and Automation

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 121)

Abstract

Web security has long been an active research area, whether the focus is analysis, detection, or the subsequent development of mitigation plans. Web security threats have become far more sophisticated since they first appeared, and they continue to evolve every day. This evolution may take the form of new attack methods or of resistance to the use of simulated OS or VM environments. The targets of attacks have also shifted considerably in recent years. Earlier, clients were ignored when choosing targets, but in recent years the client user has become the main target, because adversaries believe that the end user is the weakest link in the security chain. As a result of these developments, traditional security tools have been ineffective at either detecting or analyzing these new attacks. This paper therefore presents a brief survey of research challenges and open issues in web security, organized under subtitles according to the type of attack associated with each issue.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Geetha, V., Kallapur, P.V. (2011). Web Security: Research Challenges and Open Issues. In: Wu, Y. (eds) Advances in Computer, Communication, Control and Automation. Lecture Notes in Electrical Engineering, vol 121. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25541-0_51

  • DOI: https://doi.org/10.1007/978-3-642-25541-0_51

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25540-3

  • Online ISBN: 978-3-642-25541-0

  • eBook Packages: Engineering, Engineering (R0)
