Boosting Web Intrusion Detection Systems by Inferring Positive Signatures

D. Bolzoni, Sandro Etalle

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    Abstract

    We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application into two groups: the “regular” and the “irregular” ones, and applying a new method for anomaly detection on the “regular” ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.
    Original language: Undefined
    Title of host publication: Confederated International Conferences On the Move to Meaningful Internet Systems (OTM)
    Place of Publication: Berlin
    Publisher: Springer
    Pages: 938-955
    Number of pages: 18
    ISBN (Print): 978-3-540-88872-7
    Publication status: Published - Nov 2008
    Event: On the Move to Meaningful Internet Services: OTM 2008: On the Move to Meaningful Internet Systems: OTM 2008 - Monterrey, Mexico
    Duration: 9 Nov 2008 to 14 Nov 2008

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer Verlag
    Number: 08332
    Volume: 5332
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Workshop

    Workshop: On the Move to Meaningful Internet Services: OTM 2008
    Abbreviated title: OTM 2008
    Country: Mexico
    City: Monterrey
    Period: 9/11/08 to 14/11/08

    Keywords

    • EWI-14219
    • IR-65138
    • METIS-252124
    • SCS-Cybersecurity