Web-based vulnerabilities represent a substantial portion of the security exposures of computer networks. In order to detect known web-based attacks, misuse detection systems are equipped with a large number of signatures. Unfortunately, it is difficult to keep up with the daily disclosure of web-related vulnerabilities, and, in addition, vulnerabilities may be introduced by installation-specific web-based applications. Therefore, misuse detection systems should be complemented with anomaly detection systems. This paper presents an intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against web servers and web-based applications. The system correlates the server-side programs referenced by client queries with the parameters contained in these queries. The application-specific characteristics of the parameters allow the system to perform focused analysis and produce a reduced number of false positives. The system derives automatically the parameter profiles associated with web applications (e.g., length and structure of parameters) from the analyzed data. Therefore, it can be deployed in very different application environments without having to perform time-consuming tuning and configuration.