Web site defacement the process of introducing unauthorized modifications to a Web site is a very common form of attack In this paper we describe and evaluate experimentally a framework that may constitute the basis for a defacement detection service capable of monitoring thousands of remote Web sites systematically and automatically In our framework an organization may join the service by simply providing the URLs of the resources to be monitored along with the contact point of an administrator The monitored organization may thus take advantage of the service with just a few mouse clicks, without installing any software locally or changing its own daily operational processes Our approach is based on anomaly detection and allows monitoring the integrity of many remote Web resources automatically while remaining fully decoupled from them in particular, without requiring any prior knowledge about those resources We evaluated our approach over a selection of dynamic resources and a set of publicly available defacements The results are very satisfactory all attacks are detected while keeping false positives to a minimum We also assessed performance and scalability of our proposal and we found that it may indeed constitute the basis for actually deploying the proposed service on a large scale

• 出版日期2010-10