We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the “regular��? and the “irregular��? ones, and applying a new method for anomaly detection on the “regular��? ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.
|Name||Lecture Notes in Computer Science|
|Workshop||On the Move to Meaningful Internet Services: OTM 2008 |
|Abbreviated title||OTM 2008|
|Period||9/11/08 → 14/11/08|