Abstract
We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the "regular" ones based on the inference of
a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.
| Original language | English |
|---|---|
| Place of Publication | Enschede |
| Publisher | Centre for Telematics and Information Technology (CTIT) |
| Number of pages | 19 |
| Publication status | Published - 24 Jun 2008 |
Publication series
| Name | CTIT Technical Report Series |
|---|---|
| Publisher | Centre for Telematics and Information Technology, University of Twente |
| No. | 302/TR-CTIT-08-43 |
| ISSN (Print) | 1381-3625 |
Keywords
- SCS-Cybersecurity
Fingerprint
Dive into the research topics of 'Boosting Web Intrusion Detection Systems by Inferring Positive Signatures'. Together they form a unique fingerprint.Research output
- 4 Citations
- 1 Conference contribution
-
Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
Bolzoni, D. & Etalle, S., Nov 2008, Confederated International Conferences On the Move to Meaningful Internet Systems (OTM). Berlin: Springer, p. 938-955 18 p. (Lecture Notes in Computer Science; vol. 5332).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review
Open AccessFile5 Link opens in a new tab Citations (Scopus)116 Downloads (Pure)
Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver