We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application in two groups: the "regular" and the "irregular" ones, and applying a new method for anomaly detection on the "regular" ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives as well as needing a shorter training period.
|Titel||On the Move to Meaningful Internet Systems 2008: OTM 2008 Confederated International Conferences (Monterrey, Mexico, November 9-14, 2008), Part II|
|Redacteuren||R. Meersman, Z. Tari|
|Plaats van productie||Berlin|
|ISBN van geprinte versie||978-3-540-88872-7|
|Status||Gepubliceerd - 2008|
|Naam||Lecture Notes in Computer Science|
|ISSN van geprinte versie||0302-9743|