Boosting web intrusion detection systems by inferring positive signatures

D. Bolzoni, S. Etalle

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

4 Citations (Scopus)
2 Downloads (Pure)

Abstract

We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the "regular" ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.
Original languageEnglish
Title of host publicationOn the Move to Meaningful Internet Systems 2008: OTM 2008 Confederated International Conferences (Monterrey, Mexico, November 9-14, 2008), Part II
EditorsR. Meersman, Z. Tari
Place of PublicationBerlin
PublisherSpringer
Pages938-955
ISBN (Print)978-3-540-88872-7
DOIs
Publication statusPublished - 2008

Publication series

NameLecture Notes in Computer Science
Volume5332
ISSN (Print)0302-9743

Fingerprint Dive into the research topics of 'Boosting web intrusion detection systems by inferring positive signatures'. Together they form a unique fingerprint.

  • Cite this

    Bolzoni, D., & Etalle, S. (2008). Boosting web intrusion detection systems by inferring positive signatures. In R. Meersman, & Z. Tari (Eds.), On the Move to Meaningful Internet Systems 2008: OTM 2008 Confederated International Conferences (Monterrey, Mexico, November 9-14, 2008), Part II (pp. 938-955). (Lecture Notes in Computer Science; Vol. 5332). Springer. https://doi.org/10.1007/978-3-540-88873-4_2