
Author: Nathalie Dagorn

Affiliation: Laboratory of Algorithmic, Cryptology and Security (LACS), University of Luxembourg, Luxembourg

Keyword(s): Intrusion detection, anomaly detection, Web attack, false positive, Bayesian network, alarm clustering.

Related Ontology Subjects/Areas/Topics: Information and Systems Security; Intrusion Detection & Prevention

Abstract: Intrusion detection systems (IDS) are usually classified into two categories: misuse detection and anomaly detection systems. Misuse detection is based on signatures; it is precise but can only accommodate already known attacks. In contrast, anomaly detection models a system's usual behavior and is able to detect new attacks, but some major challenges remain to be solved in this field, in particular the improvement of the detection process and the reduction of false alarms. On the application/service level, several misuse detection systems exist and work, but only one anomaly detection system is known to be efficient for now. In this short paper, we propose a Web learning-based anomaly detection system built on this system and on the junction of academic research in several fields, which we improved. The system analyzes HTTP requests as logged by most Web servers; it exclusively relates to the queries containing attributes. The analysis process implements a multi-model statistical approach. A Bayesian network is used as the decision process, specifying six states (one normal state and five attack states) at the classification node. The system is improved after each log analysis thanks to an alarm clustering technique, which allows filtering of false positives. Compared to traditional anomaly detection systems, the system we present globally gains in sensitivity (each step of the process reduces the number of false positives to be dealt with) and in specificity (if an attack is detected, its type is immediately specified). Moreover, a co-operation feature (alarm correlation) with other systems is proposed for distributed intrusion detection. To date, the system has only been partially implemented, but the preliminary experiments in a real environment show encouraging results.

CC BY-NC-ND 4.0


Paper citation in several formats:
Dagorn, N. (2006). INTRUSION DETECTION FOR WEB APPLICATIONS (SHORT VERSION). In Proceedings of the International Conference on Security and Cryptography (ICETE 2006) - SECRYPT; ISBN 978-972-8865-63-4; ISSN 2184-3236, SciTePress, pages 32-39. DOI: 10.5220/0002097900320039

@conference{secrypt06,
author={Nathalie Dagorn},
title={INTRUSION DETECTION FOR WEB APPLICATIONS (SHORT VERSION)},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2006) - SECRYPT},
year={2006},
pages={32-39},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002097900320039},
isbn={978-972-8865-63-4},
issn={2184-3236},
}

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2006) - SECRYPT
TI - INTRUSION DETECTION FOR WEB APPLICATIONS (SHORT VERSION)
SN - 978-972-8865-63-4
IS - 2184-3236
AU - Dagorn, N.
PY - 2006
SP - 32
EP - 39
DO - 10.5220/0002097900320039
PB - SciTePress