Random DFA's can be approximately learned from sparse uniform examples
COLT '92 Proceedings of the fifth annual workshop on Computational learning theory
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Characterizing the behavior of a program using multiple-length N-grams
Proceedings of the 2000 workshop on New security paradigms
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Intrusion Detection via System Call Traces
IEEE Software
ICGI '98 Proceedings of the 4th International Colloquium on Grammatical Inference
CDIS: Towards a Computer Immune System for Detecting Network Intrusions
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
Learning nonstationary models of normal network traffic for detecting novel attacks
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Denial of service protection the nozzle
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Self-Nonself Discrimination in a Computer
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
An immunological model of distributed detection and its application to computer security
An immunological model of distributed detection and its application to computer security
Operating system stability and security through process homeostasis
Operating system stability and security through process homeostasis
IEEE Security and Privacy
One-class svms for document classification
The Journal of Machine Learning Research
Inducing grammars from sparse data sets: a survey of algorithms and results
The Journal of Machine Learning Research
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
Editorial: special issue on learning from imbalanced data sets
ACM SIGKDD Explorations Newsletter - Special issue on learning from imbalanced datasets
A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Architecture for an Artificial Immune System
Evolutionary Computation
Automated response using system-call delays
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Revisiting LISYS: parameters and normal behavior
CEC '02 Proceedings of the Evolutionary Computation on 2002. CEC '02. Proceedings of the 2002 Congress - Volume 02
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection using sequences of system calls
Journal of Computer Security
X through the firewall, and other application relays
Usenix-stc'93 Proceedings of the USENIX Summer 1993 Technical Conference on Summer technical conference - Volume 1
IEEE Transactions on Neural Networks
A methodology for designing accurate anomaly detection systems
Proceedings of the 4th international IFIP/ACM Latin American conference on Networking
Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Incorporation of Application Layer Protocol Syntax into Anomaly Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Active learning for network intrusion detection
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Using an Evolutionary Neural Network for web intrusion detection
AIA '08 Proceedings of the 26th IASTED International Conference on Artificial Intelligence and Applications
TokDoc: a self-healing web application firewall
Proceedings of the 2010 ACM Symposium on Applied Computing
Comparing anomaly detection techniques for HTTP
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
HMM-web: a framework for the detection of attacks against web applications
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A distributed multi-approach intrusion detection system for web services
Proceedings of the 3rd international conference on Security of information and networks
Enforcing request integrity in web applications
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
KIDS: keyed intrusion detection system
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Learning web application firewall - benefits and caveats
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Artificial intelligence and the future of cybersecurity
Proceedings of the 4th ACM workshop on Security and artificial intelligence
BLOCK: a black-box approach for detection of state violation attacks towards web applications
Proceedings of the 27th Annual Computer Security Applications Conference
A distributed hebb neural network for network anomaly detection
ISPA'07 Proceedings of the 5th international conference on Parallel and Distributed Processing and Applications
Detection of HTTP-GET attack with clustering and information theoretic measurements
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
| Hi-index | 0.00 |
Intrusion detection is a key technology for self-healing systems designed to prevent or manage damage caused by security threats. Protecting web server-based applications using intrusion detection is challenging, especially when autonomy is required (i.e., without signature updates or extensive administrative overhead). Web applications are difficult to protect because they are large, complex, highly customized, and often created by programmers with little security background. Anomaly-based intrusion detection has been proposed as a strategy to meet these requirements. This paper describes how DFA (Deterministic Finite Automata) induction can be used to detect malicious web requests. The method is used in combination with rules for reducing variability among requests and heuristics for filtering and grouping anomalies. With this setup a wide variety of attacks is detectable with few false-positives, even when the system is trained on data containing benign attacks (e.g., attacks that fail against properly patched servers).