loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Author: Nathalie Dagorn

Affiliation: Laboratory of Algorithmic, Cryptology and Security (LACS), University of Luxembourg, Luxembourg

ISBN: 978-972-8865-63-4

Keyword(s): Intrusion detection, anomaly detection, Web attack, false positive, Bayesian network, alarm clustering.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention

Abstract: Intrusion detection systems (IDS) are usually classified into two categories: misuse- and anomaly detection systems. Misuse detection is based on signatures; it is precise but can only accommodate already known attacks. Unlike this, anomaly detection models a system’s usual behavior and is able to detect new attacks, but some major challenges remain to be solved in this field, in particular the improvement of the detection process and the reduction of false alarms. On the application/service level, several misuse detection systems exist and work, but only one anomaly detection system is known to be efficient for now. In this short paper, we propose a Web learning-based anomaly detection system based on this system, and resulting from the junction of academic research in several fields, which we improved. The system analyzes HTTP requests as logged by most of the Web servers; it exclusively relates to the queries containing attributes. The analysis process implements a multi-model stat istical approach. A Bayesian network is used as decision process, specifying six states (one normal state and five attack states) at the classification node. The system is improved after each log analysis thanks to a technique of alarm clustering, which allows filtering false positive. Compared to traditional anomaly detection systems, the system we present globally gains in sensitivity (each step of the process reduces the number of false positive to be dealt with) and in specificity (if an attack is detected, its type is immediately specified). Moreover, a co-operation feature (alarm correlation) with other systems is proposed for distributed intrusion detection. To date, the system has only been partially implemented but the preliminary experiments in real environment show encouraging results. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 35.172.195.49

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Dagorn N. and (2006). INTRUSION DETECTION FOR WEB APPLICATIONS (SHORT VERSION).In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 32-39. DOI: 10.5220/0002097900320039

@conference{secrypt06,
author={Nathalie Dagorn},
title={INTRUSION DETECTION FOR WEB APPLICATIONS (SHORT VERSION)},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={32-39},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002097900320039},
isbn={978-972-8865-63-4},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - INTRUSION DETECTION FOR WEB APPLICATIONS (SHORT VERSION)
SN - 978-972-8865-63-4
AU - Dagorn, N.
PY - 2006
SP - 32
EP - 39
DO - 10.5220/0002097900320039

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.