Self-adaptive web intrusion detection system

Abstract : The evolution of the web server contents and the emergence of new kinds of intrusions make necessary the adaptation of the intrusion detection systems (IDS). Nowadays, the adaptation of the IDS requires manual -- tedious and unreactive -- actions from system administrators. In this paper, we present a self-adaptive intrusion detection system which relies on a set of local model-based diagnosers. The redundancy of diagnoses is exploited, online, by a meta-diagnoser to check the consistency of computed partial diagnoses, and to trigger the adaptation of defective diagnoser models (or signatures) in case of inconsistency. This system is applied to the intrusion detection from a stream of HTTP requests. Our results show that our system 1) detects intrusion occurrences sensitively and precisely, 2) accurately self-adapts diagnoser model, thus improving its detection accuracy.
Liste complète des métadonnées

https://hal.inria.fr/inria-00406450
Contributeur : Thomas Guyet <>
Soumis le : mercredi 22 juillet 2009 - 12:34:28
Dernière modification le : jeudi 9 février 2017 - 16:03:41
Document(s) archivé(s) le : mardi 15 juin 2010 - 19:14:56

Fichiers

RR-6989.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00406450, version 1
  • ARXIV : 0907.3819

Citation

Thomas Guyet, René Quiniou, Wei Wang, Marie-Odile Cordier. Self-adaptive web intrusion detection system. [Research Report] RR-6989, INRIA. 2009, pp.24. <inria-00406450>

Partager

Métriques

Consultations de
la notice

407

Téléchargements du document

4164