we can also mention attack trees [SCHNEIER 99], [MAUW AND OOSTDIJK 05]; attack trees were not used at this stage.

Evaluation platform

The platform is made up of the following elements:
- a target machine, running the IDS or IPS under evaluation;
- an attack machine;
- a normal-traffic machine;
- an analysis machine.

The different machines that make up the final platform are not, in reality, distinct physical machines: we use a system of virtual machines. This was decided for reasons of cost, but also for the portability of the platform. Several virtual-machine management systems exist; we chose the "VDI" disk-image format used by VirtualBox (9). Other systems such as Qemu can also run machines in VDI format.

The experiments were carried out on a machine equipped with a Pentium 4 processor running at … GHz with 6 GB of RAM. The operating system is GNU/Linux (Linux kernel version 2.6.32). The server runs Ruby (version 1.8) and Rails (version 2.3.2) and uses the bmsql-ruby 1.8 library.

9. http://www.virtualbox.org/
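As an added worked example (this is not the thesis's own tooling), the following script shows the correlation step that the analysis machine performs once a run is over: the attack machine's log records which requests were attacks, the normal-traffic machine's log records which were benign, and the IDS alert log records which requests the target machine flagged. It assumes a request identifier shared by the three logs (in practice the correlation would rely on timestamps and URLs); every log line, field name and signature number below is constructed for illustration.

```python
"""Analysis-machine step of the evaluation platform (added example).

Correlates the attack log, the normal-traffic log and the IDS alert log by
request id and derives the detection rate and the false-alarm rate, the two
axes of the ROC curve used to compare IDSes.  All data are constructed.
"""
import re
from collections import Counter

# Constructed ground truth written by the attack machine (format assumed).
ATTACK_LOG = """\
2012-05-14T10:00:01 req=a1 attack=sqli target=/login
2012-05-14T10:00:02 req=a2 attack=xss target=/search
2012-05-14T10:00:03 req=a3 attack=sqli target=/login
"""
# Constructed ground truth written by the normal-traffic machine.
NORMAL_LOG = """\
2012-05-14T10:00:01 req=n1 target=/index
2012-05-14T10:00:02 req=n2 target=/search
2012-05-14T10:00:04 req=n3 target=/login
"""
# Constructed IDS alerts from the target machine: a3 is missed, n2 is a
# false alarm reported twice (duplicate alerts must count once).
IDS_ALERTS = """\
2012-05-14T10:00:01 ALERT sig=1001 req=a1
2012-05-14T10:00:02 ALERT sig=2002 req=a2
2012-05-14T10:00:02 ALERT sig=2002 req=n2
2012-05-14T10:00:02 ALERT sig=2002 req=n2
"""

REQ_RE = re.compile(r"\breq=(\S+)")
ATTACK_RE = re.compile(r"\battack=(\S+)")


def request_ids(log):
    """Set of request ids mentioned in a log; repeated alerts collapse."""
    ids = set()
    for line in log.splitlines():
        m = REQ_RE.search(line)
        if m:
            ids.add(m.group(1))
    return ids


def attack_classes(log):
    """Map each attack request id to its attack class (sqli, xss, ...)."""
    classes = {}
    for line in log.splitlines():
        r, a = REQ_RE.search(line), ATTACK_RE.search(line)
        if r and a:
            classes[r.group(1)] = a.group(1)
    return classes


def confusion(attack_ids, normal_ids, alerted_ids):
    """Request-level confusion matrix.  Alerts on ids that neither traffic
    generator sent cannot be scored and are ignored."""
    return {
        "TP": len(attack_ids & alerted_ids),
        "FP": len(normal_ids & alerted_ids),
        "FN": len(attack_ids - alerted_ids),
        "TN": len(normal_ids - alerted_ids),
    }


def rates(conf):
    """Detection rate TP/(TP+FN) and false-alarm rate FP/(FP+TN)."""
    pos = conf["TP"] + conf["FN"]
    neg = conf["FP"] + conf["TN"]
    detection = conf["TP"] / pos if pos else 0.0
    false_alarm = conf["FP"] / neg if neg else 0.0
    return detection, false_alarm


def detection_by_class(classes, alerted_ids):
    """Detection rate per attack class, so a class the IDS never catches
    is visible instead of being averaged away."""
    sent = Counter(classes.values())
    seen = Counter(c for r, c in classes.items() if r in alerted_ids)
    return {c: seen[c] / sent[c] for c in sent}


def evaluate(attack_log=ATTACK_LOG, normal_log=NORMAL_LOG, alerts=IDS_ALERTS):
    """Run the whole correlation and return the metrics for one IDS run."""
    attack_ids = request_ids(attack_log)
    normal_ids = request_ids(normal_log)
    alerted = request_ids(alerts)
    conf = confusion(attack_ids, normal_ids, alerted)
    detection, false_alarm = rates(conf)
    return {
        "confusion": conf,
        "detection_rate": detection,
        "false_alarm_rate": false_alarm,
        "by_class": detection_by_class(attack_classes(attack_log), alerted),
    }


if __name__ == "__main__":
    print(evaluate())
```

Re-running the attack and normal-traffic machines against the same target with the IDS configured at several sensitivity levels, and calling evaluate() on each alert log, yields one (false-alarm rate, detection rate) point per level, which is how the ROC curve of the IDS is built.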
An attack-goal driven approach for web applications security assessment, European Dependable Computing Conference, pp.47-48, 2010.
Identification de vulnérabilités et évaluation de systèmes de détection d'intrusion pour les applications web, Congrès des Doctorants EDSYS 2011, pp.6-10, 2011.
Evaluation d'IDS : Méthodologie, Projet DALI, D2.ANR, vol.3, p.9, 2012.
A Vulnerability-Based Approach to Build Attack Scenarios for Web Applications, The 6th International Conference on Network and Systems Security (NSS), 14 pages.
Application-Integrated Data Collection for Security Monitoring, Proceedings of the Fourth International Symposium on Recent Advances in Intrusion Detection, pp.22-36, 2001.
DOI : 10.1007/3-540-45474-8_2
Computer Security Threat Monitoring and Surveillance.
Fault injection and dependability evaluation of fault-tolerant systems, IEEE Transactions on Computers, vol.42, issue.8, pp.913-923, 1993.
DOI : 10.1109/12.238482
Intrusion detection testing and benchmarking methodologies, First IEEE International Workshop on Information Assurance (IWIAS 2003), Proceedings, pp.63-72, 2003.
DOI : 10.1109/IWIAS.2003.1192459
Intrusion Detection Systems : A Survey and Taxonomy, 2000.
WAF Virtual Patching Workshop : Securing WebGoat with ModSecurity, 2009.
State of the Art: Automated Black-Box Web Application Vulnerability Testing, 2010 IEEE Symposium on Security and Privacy, 2010.
DOI : 10.1109/SP.2010.27
Making components contract aware, IEEE Computer, vol.32, issue.7, 1999.
DOI : 10.1109/2.774917
The use of the area under the ROC curve in the evaluation of machine learning algorithms, Pattern Recognition, vol.30, issue.7, pp.1145-1159, 1997.
DOI : 10.1016/S0031-3203(96)00142-2
Snort 2.0 Intrusion Detection.
Non-control-data attacks are realistic threats, USENIX Security Symposium, pp.177-192, 2005.
Firewalls and Internet Security, 1994.
Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications, Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), pp.63-86, 2007.
DOI : 10.1007/978-3-540-74320-0_4
Generation of an Error Set that Emulates Software Faults, IEEE Fault Tolerant Computing Symposium, p.26, 1996.
Validation du test du logiciel par injection de fautes : l'outil SESAME, 11ème Colloque National de Fiabilité et Maintenabilité, pp.551-559, 1998.
A revised taxonomy for intrusion detection systems, Annales des Télécommunications, vol.55, pp.361-378, 2000.
Evaluation of the Diagnostic Capabilities of Commercial Intrusion Detection Systems, Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, 2002.
DOI : 10.1007/3-540-36084-0_10
Webanalyzer : Détection Précise d'Attaques HTTP dans les Journaux de Serveurs Web, Proceedings of EICAR 2005, 2005.
DOI : 10.1007/BF03219929
Detecting attack signatures in the real network with ANNIDA, Elsevier Ltd, 2007.
Amélioration de la détection de vulnérabilités Web par classification automatique des réponses, Computer and Electronics Security Applications Rendez-vous, pp.116-130, 2010.
HTML pages clustering algorithm for web security scanners, p.12, 2011.
A Clustering Approach for Web Vulnerabilities Detection, 2011 IEEE 17th Pacific Rim International Symposium on Dependable Computing, pp.12-14, 2011.
DOI : 10.1109/PRDC.2011.31
URL : https://hal.archives-ouvertes.fr/hal-00755212
Intrusion tolerance in distributed computing systems, Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp.110-121, 1991.
DOI : 10.1109/RISP.1991.130780
Chapitre 1 : La sécurité des systèmes d'information et de communication, Sécurité des réseaux et des systèmes répartis, pp.15-65, 2003.
Comment peut-on tolérer les intrusions sur internet ? : Les systèmes critiques face aux malveillances, La Revue de l'Electricité et de l'Electronique, pp.83-90, 2003.
Internet Security: An Intrusion-Tolerance Approach, Proceedings of the IEEE, pp.432-441, 2006.
DOI : 10.1109/JPROC.2005.862320
Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners, Proc. DIMVA, 2010.
DOI : 10.1007/978-3-642-14215-4_7
Incremental regular inference, pp.222-237, 1996.
DOI : 10.1007/BFb0033357
Emulation of Software Faults: A Field Data Study and a Practical Approach, IEEE Transactions on Software Engineering, vol.32, issue.11, 2006.
DOI : 10.1109/TSE.2006.113
Evaluating pattern recognition techniques in intrusion detection systems, Proceedings of the 5th International Workshop on Pattern Recognition in Information Systems (PRIS), pp.144-153, 2005.
An introduction to ROC analysis, Pattern Recognition Letters, pp.861-874, 2006.
Evading network anomaly detection systems, Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp.59-68, 2006.
DOI : 10.1145/1180405.1180414
Detecting Malicious SQL, Proceedings of TrustBus, pp.259-268, 2007.
DOI : 10.1007/978-3-540-74409-2_28
Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks, 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), pp.330-337, 2007.
DOI : 10.1109/PRDC.2007.55
Mapping software faults with web security vulnerabilities, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN), 2008.
DOI : 10.1109/DSN.2008.4630094
Training Security Assurance Teams Using Vulnerability Injection, 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing, 2008.
DOI : 10.1109/PRDC.2008.43
Vulnerability & attack injection for web applications, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks, pp.93-102, 2009.
DOI : 10.1109/DSN.2009.5270349
Evaluating the [In]security of Web applications, 2010.
Évaluation des Systèmes de Détection d'Intrusion, Thèse de l'Université Toulouse III-Paul Sabatier, 2008.
Gray-box extraction of execution graphs for anomaly detection, Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS '04), pp.318-329, 2004.
DOI : 10.1145/1030083.1030126
A realtime intrusion detection system based on learning program behavior, Proceedings of the Third International Workshop on the Recent Advances in Intrusion Detection (RAID'2000), pp.93-109, 2000.
Intrusion detection in computer networks by a modular ensemble of one-class classifiers, Information Fusion, vol.9, issue.1, 2006.
DOI : 10.1016/j.inffus.2006.10.002
A real-time intrusion detection expert system (IDES), 1992.
An efficient algorithm for determining the convex hull of a finite planar set, Information Processing Letters, vol.1, issue.4, pp.132-133, 1972.
DOI : 10.1016/0020-0190(72)90045-2
Détection d'intrusions : de l'utilisation de signatures statistiques, Actes du 5ième Atelier Fouille de Données Complexes (FDC 08), pp.105-116, 2008.
gFuzz : An Instrumented Web Application Fuzzing Environment, Hack.Lu '08, 2008.
Extending the DARPA off-line intrusion detection evaluations, Proceedings DARPA Information Survivability Conference and Exposition II (DISCEX'01), 2001.
DOI : 10.1109/DISCEX.2001.932190
A Classification of SQL Injection Attacks and Countermeasures, Proc. of the International Symposium on Secure Software Engineering, 2006.
A network security monitor, Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy, pp.296-304, 1990.
Intrusion Detection Using Sequences of System Calls, Journal of Computer Security, 1998.
Web application security assessment by fault injection and behavior monitoring, Proceedings of the Twelfth International Conference on World Wide Web (WWW '03), pp.148-159, 2003.
DOI : 10.1145/775152.775174
Securing web application code by static analysis and runtime protection, Proceedings of the 13th Conference on World Wide Web (WWW '04), pp.40-52.
DOI : 10.1145/988672.988679
An Algorithm for Differential File Comparison, 1976.
State transition analysis: a rule-based intrusion detection approach, IEEE Transactions on Software Engineering, vol.21, issue.3, pp.181-199, 1995.
DOI : 10.1109/32.372146
Comparing anomaly detection techniques for HTTP, Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection, pp.42-62, 2007.
Practical Attack Graph Generation for Network Defense, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.
DOI : 10.1109/ACSAC.2006.39
Experimental Evaluation, Special Issue FTCS-25 Silver Jubilee, IEEE Symp. on Fault Tolerant Computing, pp.115-132, 1995.
Hierarchical clustering schemes, Psychometrika, pp.241-254, 1967.
DOI : 10.1007/BF02289588
Pixy : A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper), IEEE Symposium on Security and Privacy, 2006.
Static analysis for detecting taint-style vulnerabilities in web applications, Journal of Computer Security, vol.18, issue.5, pp.861-907, 2010.
DOI : 10.3233/JCS-2009-0385
An algorithm for drawing general undirected graphs, Information Processing Letters, vol.31, issue.1, pp.7-15, 1989.
DOI : 10.1016/0020-0190(89)90102-6
Automatic creation of SQL Injection and cross-site scripting attacks, 2009 IEEE 31st International Conference on Software Engineering, 2009.
DOI : 10.1109/ICSE.2009.5070521
Noxes: A Client-Side Solution for Mitigating Cross-Site Scripting Attacks, Proceedings of the 2006 ACM Symposium on Applied Computing (SAC '06), pp.330-337, 2006.
DOI : 10.1145/1141277.1141357
Automated detection of vulnerabilities in privileged programs by execution monitoring, Tenth Annual Computer Security Applications Conference, pp.134-144, 1994.
DOI : 10.1109/CSAC.1994.367313
Execution monitoring of security-critical programs in distributed systems: a specification-based approach, Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp.175-187, 1997.
DOI : 10.1109/SECPRI.1997.601332
Foundations of Attack-Defense Trees, Proc. of Formal Aspects of Security and Trust (FAST 2010), pp.80-95.
DOI : 10.1007/978-3-540-88873-4_8
Sania : Syntactic and Semantic Analysis for Automated Testing against SQL Injection, 23rd Annual Computer Security Applications Conference (ACSAC 2007), pp.10-14, 2007.
On the Detection of Anomalous System Call Arguments, 8th European Symposium on Research in Computer Security (ESORICS 2003), pp.326-343, 2003.
DOI : 10.1007/978-3-540-39650-5_19
Securing web applications with static and dynamic information flow tracking, Proceedings of the 2008 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation (PEPM '08), pp.3-12, 2008.
DOI : 10.1145/1328408.1328410
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.130.6756
Contract driven development = test driven development - writing test cases, Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC-FSE '07), 2007.
DOI : 10.1145/1287624.1287685
Design by Contract to Improve Software Vigilance, IEEE Transactions on Software Engineering, vol.32, issue.8, p.32, 2006.
DOI : 10.1109/TSE.2006.79
URL : https://hal.archives-ouvertes.fr/inria-00542784
Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation, 3rd Symposium on Recent Advances in Intrusion Detection, pp.162-182, 2000.
DOI : 10.1007/3-540-39945-3_11
Finding security errors in Java programs with static analysis, Proc. 14th USENIX Security Symposium, 2005.
Detecting attacks against data in web applications, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), p.12, 2012.
DOI : 10.1109/CRISIS.2012.6378943
URL : https://hal.archives-ouvertes.fr/hal-00735997
On the emulation of software faults by software fault injection, Proceedings International Conference on Dependable Systems and Networks (DSN 2000), 2000.
DOI : 10.1109/ICDSN.2000.857571
Conceptual Model and Architecture of MAFTIA, 2003.
Automatic generation of XSS and SQL injection attacks with goal-directed model checking, USENIX Security, 2008.
Automatic Evaluation of Intrusion Detection Systems, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), pp.361-370, 2006.
DOI : 10.1109/ACSAC.2006.15
Thor : A Tool to Test Intrusion Detection Systems by Variations of Attacks, 2002.
Foundations of Attack Trees, Information Security and Cryptology - ICISC 2005, pp.186-198.
DOI : 10.1007/11734727_17
Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory, ACM Transactions on Information and System Security, vol.3, issue.4, pp.262-294, 2000.
DOI : 10.1145/382912.382923
Object-oriented software construction, 1992.
Tailored Shielding and Bypass Testing of Web Applications, 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation, 2011.
DOI : 10.1109/ICST.2011.56
URL : https://hal.archives-ouvertes.fr/hal-00646424
Network intrusion detection, IEEE Network, vol.8, issue.3, pp.26-41, 1994.
DOI : 10.1109/65.283931
An experience developing an IDS stimulator for the black-box testing of network intrusion detection systems, Annual Computer Security Applications Conference, pp.374-383, 2003.
Traffic Anomaly Detection Using k-means Clustering, GI/ITG Workshop MMBnet, 2007.
Exploiting Execution Context for the Detection of Anomalous System Calls, Proceedings of the 10th International Symposium on Recent Advances in Intrusion Detection (RAID'2007), 2007.
Using Attack Injection to Discover New Vulnerabilities, International Conference on Dependable Systems and Networks (DSN'06), 2006.
DOI : 10.1109/DSN.2006.72
Polygraph : Automatically generating signatures for polymorphic worms, Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp.226-241, 2005.
Automatically Hardening Web Applications Using Precise Tainting, IFIP Security 2005, 2005.
Measuring Security Risk of Networks Using Attack Graphs, International Journal of Next-Generation Computing, vol.1, issue.1, pp.135-147.
Detecting Insufficient Access Control in Web Applications, 2011 First SysSec Workshop, pp.11-18, 2011.
DOI : 10.1109/SysSec.2011.28
Experimenting with quantitative evaluation tools for monitoring operational security, IEEE Transactions on Software Engineering, vol.25, issue.5, pp.633-650, 1999.
DOI : 10.1109/32.815323
A graph-based system for network-vulnerability analysis, Proceedings of the 1998 Workshop on New Security Paradigms (NSPW '98), pp.71-79, 1998.
DOI : 10.1145/310889.310919
Defending Against Injection Attacks Through Context-Sensitive String Evaluation, Recent Advances in Intrusion Detection 2005 (RAID), 2005.
DOI : 10.1007/11663812_7
Practical Intrusion Detection Handbook, Upper Saddle River, 2001.
A methodology for testing intrusion detection systems, IEEE Transactions on Software Engineering, vol.22, issue.10, pp.719-729, 1996.
DOI : 10.1109/32.544350
Using generalization and characterization techniques in the anomaly-based detection of web attacks, Proceedings of the Network and Distributed System Security Symposium, 2006.
A parallel genetic local search algorithm for intrusion detection in computer networks, CSICC, 2007.
Specification-based anomaly detection, Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS '02), pp.265-274, 2002.
DOI : 10.1145/586110.586146
Automated generation and analysis of attack graphs, Proceedings 2002 IEEE Symposium on Security and Privacy, pp.254-265, 2002.
DOI : 10.1109/SECPRI.2002.1004377
SecuBat : a web vulnerability scanner, Proceedings of the 15th International Conference on World Wide Web (WWW '06), 2006.
A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic, 20th Annual Computer Security Applications Conference, pp.428-437, 2004.
DOI : 10.1109/CSAC.2004.4
URL : https://hal.archives-ouvertes.fr/hal-00356403
Next-generation intrusion detection expert system (NIDES): A summary, 1995.
A stateful intrusion detection system for world-wide web servers, Proceedings of the Annual Computer Security Applications Conference, pp.34-43, 2003.
Testing network-based intrusion detection signatures using mutant exploits, Proc. ACM Conference on Computer and Communications Security, pp.21-30, 2004.
Detecting intrusions using system calls: alternative data models, Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp.133-145, 1999.
DOI : 10.1109/SECPRI.1999.766910
Sound and precise analysis of web applications for injection vulnerabilities, ACM SIGPLAN Notices, vol.42, issue.6, pp.32-41, 2007.
DOI : 10.1145/1273442.1250739
Static detection of vulnerabilities in scripting languages, Proc. 15th USENIX Security Symposium, pp.179-192, 2006.
Host-based intrusion detection using dynamic and static behavioral models, Pattern Recognition, vol.36, issue.1, pp.229-243, 2003.
DOI : 10.1016/S0031-3203(02)00026-2