Automatic Integrity Checks for Remote Web Site Defacements

posted Jan 17, 2012, 2:27 AM by Eric Medvet   [ updated May 26, 2016, 3:17 AM ]
Web site defacement is one of the most common attacks in the Internet. The only existing approach to automatic detection of such attacks is based on a comparison between the web resource and an uncorrupted copy kept in a safe place. Implementing such a framework may be expensive and difficult, especially for dynamic resources. In this paper we explore a different approach and propose a tool capable of monitoring the integrity of remote web resources automatically, while remaining fully decoupled from them. We evaluated our tool on a selection of highly dynamic resources and the results are very encouraging: the tool is indeed able to detect (simulated) defacements and cope with dynamic content while keeping false positives to a minimum. This framework may allow developing services capable of monitoring many foreign web sites cheaply, which may be very attractive for small budget-limited organizations that depend on the web for their operation.
Eric Medvet,
Jan 17, 2012, 5:13 AM