EEMCS EPrints Service


Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

Bolzoni, D. and Etalle, S. (2008) Boosting Web Intrusion Detection Systems by Inferring Positive Signatures. Technical Report TR-CTIT-08-43, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625

Full text available as: PDF (402 Kb), Open Access


Exported to Metis

Abstract

We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application into two groups, the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the "regular" ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives and in needing a shorter training period.

Item Type: Internal Report (Technical Report)
Research Group: EWI-DIES: Distributed and Embedded Security
Research Program: CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project: IPID: Integrated Policy-based Intrusion Detection
ID Code: 12923
Deposited On: 25 June 2008