Sciweavers

ACSAC
2004
IEEE

A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic

Combining an "anomaly" and a "misuse" IDS offers the advantage of separating the monitored events into normal, intrusive or unqualified classes (i.e. not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework, applied to web servers, leads us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results and raises a lower amount of false alarms and unqualified events.
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2004
Where ACSAC
Authors Elvis Tombini, Hervé Debar, Ludovic Mé, Mireille Ducassé