Detection of Web Defacements by means of Genetic Programming
Cyril Fillon, Alberto Bartoli,
3rd IEEE International Symposium on Information Assurance and Security (IAS), held in Manchester (United Kingdom)
Links and material:
Web site defacement, the process of introducing unauthorized modifications to a web site, is a very common form of attack. In this paper we propose a novel approach aimed at monitoring the integrity of remote web pages automatically while remaining fully decoupled from them, in particular, without requiring any prior knowledge about the page. Our approach is based on Genetic Programming (GP), an automatic method for generating computer programs inspired by analogies with the evolution theory described by Darwin. In a preliminary learning phase, GP builds an algorithm based on a sequence of readings of the observed page and a sample set of attacks. Then, we monitor the page at regular intervals applying the algorithm, which raises an alert when a suspect modification is found. We developed a prototype and tested our approach over a dataset of 15 dynamic web pages, observed for about a month, and a collection of real web defacements. We compared the experimentation outcome with those of an anomaly-based approach with known effectivess, and the results are encouraging: Genetic Programming is an effective approach for this task.