Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

D. Bolzoni, Sandro Etalle

    Research output: Book/Report, Report, Professional

    4 Citations (Scopus)
    149 Downloads (Pure)

    Abstract

    We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application into two groups, the "regular" and the "irregular" ones, and applying to the "regular" ones a new method for anomaly detection based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives and in needing a shorter training period.
    Original language: English
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 19
    Publication status: Published - 24 Jun 2008

    Publication series

    Name: CTIT Technical Report Series
    Publisher: Centre for Telematics and Information Technology, University of Twente
    No.: 302/TR-CTIT-08-43
    ISSN (Print): 1381-3625

    Keywords

    • SCS-Cybersecurity

    • Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

      Bolzoni, D. & Etalle, S., Nov 2008, Confederated International Conferences On the Move to Meaningful Internet Systems (OTM). Berlin: Springer, p. 938-955 18 p. (Lecture Notes in Computer Science; vol. 5332).

      Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

      Open Access
      5 Citations (Scopus)
      71 Downloads (Pure)
