Publication | Closed Access
A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic
92
Citations
7
References
2005
Year
Unknown Venue
Internet Traffic AnalysisAnomaly DetectionEngineeringInformation SecurityInformation ForensicsMisuse ComponentsDenial-of-service AttackSerial ArchitectureIntrusion Detection SystemThreat DetectionSecurity TestingIntrusion ToleranceComputer ScienceHttp TrafficData SecurityMisuse Idses AppliedCryptographyIntrusion DetectionSerial CombinationSensitive Misuse ComponentNetwork Traffic Measurement
Combining an "anomaly" and a "misuse" IDSes offers the advantage of separating the monitored events between normal, intrusive or unqualified classes (i.e. not known as an attack, but not recognize as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework applied to Web servers lead us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results, raises lower amount of false alarms and unqualified events.
| Year | Citations | |
|---|---|---|
Page 1
Page 1