inria-00406450, version 1
Self-adaptive web intrusion detection system
N° RR-6989 (2009)
Abstract: The evolution of the web server contents and the emergence of new kinds of intrusions make necessary the adaptation of the intrusion detection systems (IDS). Nowadays, the adaptation of the IDS requires manual -- tedious and unreactive -- actions from system administrators. In this paper, we present a self-adaptive intrusion detection system which relies on a set of local model-based diagnosers. The redundancy of diagnoses is exploited, online, by a meta-diagnoser to check the consistency of computed partial diagnoses, and to trigger the adaptation of defective diagnoser models (or signatures) in case of inconsistency. This system is applied to the intrusion detection from a stream of HTTP requests. Our results show that our system 1) detects intrusion occurrences sensitively and precisely, 2) accurately self-adapts diagnoser model, thus improving its detection accuracy.
- a – Agrocampus Ouest
- b – INRIA
- c – Université Rennes I
- 1:
- CNRS : UMR6074 – INRIA – Institut National des Sciences Appliquées (INSA) - Rennes – Université de Rennes 1
- 2:
- Institut supérieur des sciences agronomiques, agroalimentaires, horticoles et du paysage – Ministère de l'Alimentation, de l'Agriculture et de la Pêche
- 3:
- Norwegian University of Science and Technology
- Domain : Computer Science/Networking and Telecommunication
Computer Science/Multiagent SystemsComputer Science/Artificial Intelligence - Keywords : intrusion detection – self-adaptive diagnosis – meta-diagnosis – self-adaptive system – web application intrusion
- Internal note : RR-6989
- inria-00406450, version 1
- http://hal.inria.fr/inria-00406450
- oai:hal.inria.fr:inria-00406450
- From:
- Submitted on: Wednesday, 22 July 2009 12:34:28
- Updated on: Friday, 5 March 2010 12:51:34
Associated documents
Export