Automatic Integrity Checks for Remote Web Site Defacements

Abstract # ↰

Web site defacement is one of the most common attacks in the Internet. The only existing approach to automatic detection of such attacks is based on a comparison between the web resource and an uncorrupted copy kept in a safe place. Implementing such a framework may be expensive and difficult, especially for dynamic resources. In this paper we explore a different approach and propose a tool capable of monitoring the integrity of remote web resources automatically, while remaining fully decoupled from them. We evaluated our tool on a selection of highly dynamic resources and the results are very encouraging: the tool is indeed able to detect (simulated) defacements and cope with dynamic content while keeping false positives to a minimum. This framework may allow developing services capable of monitoring many foreign web sites cheaply, which may be very attractive for small budget-limited organizations that depend on the web for their operation.