EEMCS

Home > Publications
Home University of Twente
Education
Research
Prospective Students
Jobs
Publications
Intranet (internal)
 
 Nederlands
 Contact
 Search
 Organisation

EEMCS EPrints Service


14219 Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
Home Policy Brochure Browse Search User Area Contact Help

Bolzoni, D. and Etalle, S. (2008) Boosting Web Intrusion Detection Systems by Inferring Positive Signatures. In: Confederated International Conferences On the Move to Meaningful Internet Systems (OTM), November 9-14, 2008, Monterrey, Mexico. pp. 938-955. Lecture Notes in Computer Science 5332. Springer Verlag. ISSN 0302-9743 ISBN 978-3-540-88872-7

Full text available as:

PDF

510 Kb
Open Access



Official URL: http://dx.doi.org/10.1007/978-3-540-88873-4_2

Exported to Metis

Abstract

We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the “regular? and the “irregular? ones, and applying a new method for anomaly detection on the “regular? ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:IPID: Integrated Policy-based Intrusion Detection
ID Code:14219
Status:Published
Deposited On:20 November 2008
Refereed:Yes
International:Yes
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item