Protecting a Moving Target: Addressing Web Application Concept Drift
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Hi-index | 0.00 |
Due to the unknown web attacks are hardly be detected and the early warning and response mechanism cannot be established, many of intrusion detection systems (IDSs) are only effective in detecting known web attacks and cannot evaluate the risk of web service. In order to conquer these limitations and inspired by immune principles, this paper presents an immunebased active defense model for web attacks which is on the basis of the clone selection and hyper-mutation. Therefore, the immune learning algorithm and the attack detection mechanism are given. The risk of web attacks is quantitatively analyzed on the relationship between the antibody concentration and the state of an illness in biological immune system (BIS). Theoretical analysis and experimental evaluation demonstrate that the model is more suitable for detecting unknown attacks, and provides an active defense mechanism for detecting network anomalies.