Intrusion Detection System by Statistical Learning

Bahtijaragic, Meris LU and Kroné, Julian LU (2016) In LU-CS-EX 2016-26 EDA920 20161
Department of Computer Science
Abstract
A web server intrusion is when a user gains unauthorized access to resources. This is often accomplished using code injection attacks. Intrusion detection systems today often utilize regular expressions to detect code injection attacks. Some attempts have been made to merge the fields of web security and machine learning. However, they often simply distinguish intrusion attempts from regular requests without detailed classification.
In this thesis, we separate benign requests from malign ones by determining the intention of a request. During our process, we found that request intentions are not always easily separable into good or bad. There are certain types of requests that appear to be malicious, but are actually benign. We present a novel approach to multinomially classify requests based on their textual representation.
We explore three data representation methods, as well as four classification algorithms. These algorithms are compared and their applicability is discussed in the context of an intrusion detection system: Triggerfish. Finally, we report results that reach an accuracy of 99.51%.
Popular Abstract (Swedish)
As accessibility on the web increases, so does the need for convenient security solutions. This thesis explores the possibility of applying statistical learning to detect intrusion attempts.
author: Bahtijaragic, Meris LU and Kroné, Julian LU
course: EDA920 20161
year: 2016
type: M3 - Professional qualifications ( - 4 Years)
keywords: Web security, Intrusion detection, Data mining, Classification
publication/series: LU-CS-EX 2016-26
report number: LU-CS-EX 2016-26
ISSN: 1650-2884
language: English
id: 8887271
date added to LUP: 2016-08-02 10:30:08
date last changed: 2016-08-02 10:30:08
@misc{8887271,
  abstract     = {A web server intrusion is when a user gains unauthorized access to resources. This is often accomplished using code injection attacks. Intrusion detection systems today often utilize regular expressions to detect code injection attacks. Some attempts have been made to merge the fields of web security and machine learning. However, they often simply distinguish intrusion attempts from regular requests without detailed classification.
In this thesis, we separate benign requests from malign ones by determining the intention of a request. During our process, we found that request intentions are not always easily separable into good or bad. There are certain types of requests that appear to be malicious, but are actually benign. We present a novel approach to multinomially classify requests based on their textual representation.
We explore three data representation methods, as well as four classification algorithms. These algorithms are compared and their applicability is discussed in the context of an intrusion detection system: Triggerfish. Finally, we report results that reach an accuracy of 99.51%.},
  author       = {Bahtijaragic, Meris and Kroné, Julian},
  issn         = {1650-2884},
  keyword      = {Web security,Intrusion detection,Data mining,Classification},
  language     = {eng},
  note         = {Student Paper},
  series       = {LU-CS-EX 2016-26},
  title        = {Intrusion Detection System by Statistical Learning},
  year         = {2016},
}