Intrusion Detection System by Statistical Learning
(2016) In LU-CS-EX 2016-26 EDA920 20161Department of Computer Science
- Abstract
- A web server intrusion is when a user gains unauthorized access to resources. This is often accomplished using code injection attacks. Intrusion detection systems today often utilize regular expressions to detect code injection attacks. Some attempts have been made to merge the fields of web security and machine learning. However, they often simply distinguish intrusion attempts from regular requests without detailed classification.
In this thesis, we separate benign requests from malign ones by determining the intention of a request. During our process, we found that request intentions are not always easily separable into good or bad. There are certain types of requests that appear to be malicious, but are actually benign. We present a... (More) - A web server intrusion is when a user gains unauthorized access to resources. This is often accomplished using code injection attacks. Intrusion detection systems today often utilize regular expressions to detect code injection attacks. Some attempts have been made to merge the fields of web security and machine learning. However, they often simply distinguish intrusion attempts from regular requests without detailed classification.
In this thesis, we separate benign requests from malign ones by determining the intention of a request. During our process, we found that request intentions are not always easily separable into good or bad. There are certain types of requests that appear to be malicious, but are actually benign. We present a novel approach to multinomially classify requests based on their textual representation.
We explore three data representation methods, as well as four classification algorithms. These algorithms are compared and their applicability is discussed in the context of an intrusion detection system: Triggerfish. Finally, we report results that reach an accuracy of 99.51%. (Less) - Popular Abstract (Swedish)
- I takt med att tillgängligheten ökar på nätet så ökar även behovet av smidiga säkerhetslösningar. Detta examensarbete utforskar möjligheten att tillämpa statistiskt lärande för att upptäcka intrångsförsök.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/8887271
- author
- Bahtijaragic, Meris LU and Kroné, Julian LU
- supervisor
- organization
- course
- EDA920 20161
- year
- 2016
- type
- M3 - Professional qualifications ( - 4 Years)
- subject
- keywords
- Web security, Intrusion detection, Data mining, Classification
- publication/series
- LU-CS-EX 2016-26
- report number
- LU-CS-EX 2016-26
- ISSN
- 1650-2884
- language
- English
- id
- 8887271
- date added to LUP
- 2016-08-02 10:30:08
- date last changed
- 2016-08-02 10:30:08
@misc{8887271, abstract = {{A web server intrusion is when a user gains unauthorized access to resources. This is often accomplished using code injection attacks. Intrusion detection systems today often utilize regular expressions to detect code injection attacks. Some attempts have been made to merge the fields of web security and machine learning. However, they often simply distinguish intrusion attempts from regular requests without detailed classification. In this thesis, we separate benign requests from malign ones by determining the intention of a request. During our process, we found that request intentions are not always easily separable into good or bad. There are certain types of requests that appear to be malicious, but are actually benign. We present a novel approach to multinomially classify requests based on their textual representation. We explore three data representation methods, as well as four classification algorithms. These algorithms are compared and their applicability is discussed in the context of an intrusion detection system: Triggerfish. Finally, we report results that reach an accuracy of 99.51%.}}, author = {{Bahtijaragic, Meris and Kroné, Julian}}, issn = {{1650-2884}}, language = {{eng}}, note = {{Student Paper}}, series = {{LU-CS-EX 2016-26}}, title = {{Intrusion Detection System by Statistical Learning}}, year = {{2016}}, }