Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
Abstract
We present a new approach to anomaly-based network intrusion detection for web applications. This approach is based on dividing the input parameters of the monitored web application into two groups, the “regular” and the “irregular” ones, and applying a new method for anomaly detection on the “regular” ones based on the inference of a regular language. We support our proposal by realizing Sphinx, an anomaly-based intrusion detection system based on it. Thorough benchmarks show that Sphinx performs better than current state-of-the-art systems, both in terms of false positives/false negatives and in needing a shorter training period.
Similar resources
Automatic Generation of Novel Intrusion Signatures Using One-Class Classifiers and Inductive Learning Methods
In this paper, we propose an approach for automatic generation of novel intrusion signatures. This approach can be used in the signature-based Network Intrusion Detection Systems (NIDSs) and for the automation of the process of intrusion detection in these systems. In the proposed approach, first, by using several one-class classifiers, the profile of the normal network traffic is established. ...
pSigene: Webcrawling to Generalize SQL Injection Signatures
Intrusion detection systems (IDS) are an important component to effectively protect computer systems. Misuse detection is the most popular approach to detect intrusions, using a library of signatures to find attacks. The accuracy of the signatures is paramount for an effective IDS, still today’s practitioners rely on manual techniques to improve and update those signatures. We present a system,...
A Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use a boosting ensemble of weak classifiers to implement the misuse intrusion detection system. It can identify new classes of intrusions that do not exist in the training dataset for incremental misuse detection. As...
Online Boosting Based Intrusion Detection in Changing Environments
Intrusion detection is an active research field in the development of reliable web-based information systems, where many artificial intelligence techniques are exploited to fit the specific application. Although some detection algorithms have been developed, they lack the adaptability to the frequently changing network environments, since they are mostly trained in batch mode. In this paper, we...
An Ontology-supported Outbound Intrusion Detection System
Outbound intrusion detection is a systems vigilance approach that aims at limiting the effects of a security threat by collectively scrutinizing outgoing traffic and local system activity. This paper summarizes the design and implementation of FROID, an outbound intrusion detection prototype built with agent technology that exploits the semantic power of ontologies in order to enable collaborat...