Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

14219 Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
Home Policy Brochure Browse Search User Area Contact Help

Bolzoni, D. and Etalle, S. (2008) Boosting Web Intrusion Detection Systems by Inferring Positive Signatures. In: Confederated International Conferences On the Move to Meaningful Internet Systems (OTM), November 9-14, 2008, Monterrey, Mexico. pp. 938-955. Lecture Notes in Computer Science 5332. Springer Verlag. ISSN 0302-9743 ISBN 978-3-540-88872-7

Full text available as:


510 Kb
Open Access

Official URL:

Exported to Metis


We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the “regular? and the “irregular? ones, and applying a new method for anomaly detection on the “regular? ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:IPID: Integrated Policy-based Intrusion Detection
ID Code:14219
Deposited On:20 November 2008
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item