EEMCS EPrints Service
Bolzoni, D. and Etalle, S. (2008) Boosting Web Intrusion Detection Systems by Inferring Positive Signatures. In: Confederated International Conferences On the Move to Meaningful Internet Systems (OTM), November 9-14, 2008, Monterrey, Mexico. pp. 938-955. Lecture Notes in Computer Science 5332. Springer Verlag. ISSN 0302-9743 ISBN 978-3-540-88872-7
Full text available as:
Official URL: http://dx.doi.org/10.1007/978-3-540-88873-4_2
We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the “regular? and the “irregular? ones, and applying a new method for anomaly detection on the “regular? ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.
Export this item as:
To correct this item please ask your editor
Repository Staff Only: edit this item