A Visual Model for Web Applications Security Monitoring

Abstract

This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a human-assisted monitoring system is an indispensable complement, following the "Defense in depth" strategy. To support human operators working more effectively and efficiently, information visualization techniques are utilized in this model. A prototype implementation of this model is created and is used to test against a popular open source web application. Testing results prove the model's usefulness, at least in understanding the web application security structure.