METHOD OF MONITORING WEB SERVER SECURITY Russian patent published in 2010 - IPC G06F21/00 

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to ensuring information security on web serves. In order to monitor security of a web server, such quality factors of operation of the web server as query runtime t and number of link errors e_ERROR are given at a preliminary stage. A loading test is then carried out to determine threshold values of the query runtime of the web server (t_CRIT) and number of link errors (e_ERROR-CRIT). Analytical models for predicting query runtime t_PRED are constructed. Monitoring period T_M is determined at the functioning stage of the server, after which N queries are received for establishing connection during the monitoring period T_M. Current values of quality factors of operation of the web server t,e_ERROR are derived. The predicted query runtime t_PRED is then calculated based on the said values. Values of t_PRED and e_ERROR are then compared with threshold values of the quality factors and if threshold values are greater than the said values, there is an attack.

EFFECT: invention improves quality of monitoring security of a web server and provides on-line detection of critical mode of operation of the web server caused by unknown and known "denial of service" attacks, as well as legitimate user requests.

3 dwg