Automatic Integrity Checks for Remote Web Resources

Web site defacement is one of the most common attacks in the Internet. The only existing approach to automatic detection of such attacks is based on a comparison between the web resource and an uncorrupted copy kept in a safe place. Implementing such a framework may be expensive and difficult, especially for dynamic resources. In this paper we explore a different approach and propose a tool capable of monitoring the integrity of remote web resources automatically, while remaining fully decoupled from them. We evaluated our tool on a selection of highly dynamic resources and the results are very encouraging: the tool is indeed able to detect (simulated) defacements and cope with dynamic content while keeping false positives to a minimum. This framework may allow developing services capable of monitoring many foreign web sites cheaply, which may be very attractive for small budget-limited organizations that depend on the web for their operation.