Applying Autonomic Intrusion Detection on Web Applications

Main Article Content

Eduardo Alves Ferreira Rodrigo Fernandes de Mello

Abstract

The characterization of system behavior is a commonly considered approach when performing intrusion detection. Such approach is limited when the observed context is unstructured, that is, contextcharacterization is not a trivial task. In order to tackle this issue, this paper considers the use of singlepass clustering techniques to quantize unstructured data, generating time series where novelty detection techniques can be employed to detect intrusion incidents. We evaluate this approach using public system characterization data sets, and the outputs of a web application in a simulated environment. Weobserved that our approach is capable of aggregating context information into time series in order to represent the behavior of applications with fairly enough precision to detect attacks.

Article Details

How to Cite
FERREIRA, Eduardo Alves; DE MELLO, Rodrigo Fernandes. Applying Autonomic Intrusion Detection on Web Applications. INFOCOMP, [S.l.], v. 11, n. 1, p. 13-21, mar. 2012. ISSN 1982-3363. Available at: <http://infocomp.dcc.ufla.br/index.php/INFOCOMP/article/view/347>. Date accessed: 16 dec. 2017.
Keywords
Intrusion detection, Web applications
Section
Articles