Sciweavers

Share
RAID
2009
Springer

Protecting a Moving Target: Addressing Web Application Concept Drift

8 years 11 months ago
Protecting a Moving Target: Addressing Web Application Concept Drift
Because of the ad hoc nature of web applications, intrusion detection systems that leverage machine learning techniques are particularly well-suited for protecting websites. The reason is that these systems are able to characterize the applications’ normal behavior in an automated fashion. However, anomaly-based detectors for web applications suffer from false positives that are generated whenever the applications being protected change. These false positives need to be analyzed by the security officer who then has to interact with the web application developers to confirm that the reported alerts were indeed erroneous detections. In this paper, we propose a novel technique for the automatic detection of changes in web applications, which allows for the selective retraining of the affected anomaly detection models. We demonstrate that, by correctly identifying legitimate changes in web applications, we can reduce false positives and allow for the automated retraining of the anomal...
Federico Maggi, William K. Robertson, Christopher
Added 27 May 2010
Updated 27 May 2010
Type Conference
Year 2009
Where RAID
Authors Federico Maggi, William K. Robertson, Christopher Krügel, Giovanni Vigna
Comments (0)
books