Sciweavers

Share
CN
2007

Learning DFA representations of HTTP for protecting web applications

8 years 6 months ago
Learning DFA representations of HTTP for protecting web applications
Intrusion detection is a key technology for self-healing systems designed to prevent or manage damage caused by security threats. Protecting web server-based applications using intrusion detection is challenging, especially when autonomy is required (i.e., without signature updates or extensive administrative overhead). Web applications are difficult to protect because they are large, complex, highly customized, and often created by programmers with little security background. Anomaly-based intrusion detection has been proposed as a strategy to meet these requirements. This paper describes how DFA (Deterministic Finite Automata) induction can be used to detect malicious web requests. The method is used in combination with rules for reducing variability among requests and heuristics for filtering and grouping anomalies. With this setup a wide variety of attacks is detectable with few false-positives, even when the system is trained on data containing benign attacks (e.g., attacks that...
Kenneth L. Ingham, Anil Somayaji, John Burge, Step
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2007
Where CN
Authors Kenneth L. Ingham, Anil Somayaji, John Burge, Stephanie Forrest
Comments (0)
books