Web-based vulnerabilities represent a substantial portion of the security exposures of computer networks. In order to detect known web-based attacks, misuse detection systems are equipped with a large number of signatures. Unfortunately, it is difficult to keep up with the daily disclosure of web-related vulnerabilities, and, in addition, vulnerabilities may be introduced by installation-specific web-based applications. Therefore, misuse detection systems should be complemented with anomaly detection systems. This paper presents an intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against web servers and web-based applications. The system analyzes client queries that reference server-side programs and creates models for a wide range of different features of these queries. Examples of such features are access patterns of server-side programs or values of individual parameters in their invocation. In particular, the use of application-specific characterization of the invocation parameters allows the system to perform focused analysis and produce a reduced number of false positives. The system automatically derives the parameter profiles associated with web applications (e.g., length and structure of parameters) and relationships between queries (e.g., access times and sequences) from the analyzed data. Therefore, it can be deployed in very different application environments without having to perform time-consuming tuning and configuration.