DocumentCode :
2274747
Title :
A serial combination of anomaly and misuse IDSes applied to HTTP traffic
Author :
Tombini, Elvis ; Debar, Hervé ; Mé, Ludovic ; Ducassé, Mireille
Author_Institution :
France Telecom, Caen, France
fYear :
2004
fDate :
6-10 Dec. 2004
Firstpage :
428
Lastpage :
437
Abstract :
Combining an "anomaly" and a "misuse" IDS offers the advantage of separating the monitored events into normal, intrusive or unqualified classes (i.e. not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework, applied to Web servers, leads us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results and raises a lower amount of false alarms and unqualified events.
Keywords :
Internet; computer network management; security of data; telecommunication traffic; transport protocols; HTTP traffic; Web server; drastic anomaly component; intrusion detection system; sensitive misuse component; serial architecture; Computer architecture; Detectors; Event detection; Information analysis; Intrusion detection; Monitoring; Prototypes; Qualifications; Service oriented architecture; Web server;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Applications Conference, 2004. 20th Annual
ISSN :
1063-9527
Print_ISBN :
0-7695-2252-1
Type :
conf
DOI :
10.1109/CSAC.2004.4
Filename :
1377250