Combining an "anomaly" and a "misuse" IDS offers the advantage of separating the monitored events into normal, intrusive or unqualified classes (i.e. not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework, applied to web servers, leads us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results and raises fewer false alarms and unqualified events.