Applying Autonomic Intrusion Detection on Web Applications
Main author: | Ferreira, Eduardo Alves |
---|---|
Publication date: | 2012 |
Other authors: | de Mello, Rodrigo Fernandes |
Document type: | Article |
Language: | eng |
Source title: | INFOCOMP: Jornal de Ciência da Computação |
Full text: | https://infocomp.dcc.ufla.br/index.php/infocomp/article/view/347 |
Abstract: | The characterization of system behavior is a commonly considered approach when performing intrusion detection. Such an approach is limited when the observed context is unstructured, that is, context characterization is not a trivial task. In order to tackle this issue, this paper considers the use of single-pass clustering techniques to quantize unstructured data, generating time series where novelty detection techniques can be employed to detect intrusion incidents. We evaluate this approach using public system characterization data sets, and the outputs of a web application in a simulated environment. We observed that our approach is capable of aggregating context information into time series in order to represent the behavior of applications with fairly enough precision to detect attacks. |
id |
UFLA-5_e5a4f501deb1e6f586019b843191ecb4 |
---|---|
oai_identifier_str |
oai:infocomp.dcc.ufla.br:article/347 |
network_acronym_str |
UFLA-5 |
network_name_str |
INFOCOMP: Jornal de Ciência da Computação |
repository_id_str |
|
author |
Ferreira, Eduardo Alves |
author_role |
author |
author2 |
de Mello, Rodrigo Fernandes |
author2_role |
author |
dc.subject.por.fl_str_mv |
Intrusion detection; Web applications |
publishDate |
2012 |
dc.date.none.fl_str_mv |
2012-03-01 |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
format |
article |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
https://infocomp.dcc.ufla.br/index.php/infocomp/article/view/347 |
dc.language.iso.fl_str_mv |
eng |
dc.relation.none.fl_str_mv |
https://infocomp.dcc.ufla.br/index.php/infocomp/article/view/347/331 |
dc.rights.driver.fl_str_mv |
Copyright (c) 2016 INFOCOMP Journal of Computer Science info:eu-repo/semantics/openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Editora da UFLA |
dc.source.none.fl_str_mv |
INFOCOMP Journal of Computer Science; Vol. 11 No. 1 (2012): March, 2012; 13-21 1982-3363 1807-4545 reponame:INFOCOMP: Jornal de Ciência da Computação instname:Universidade Federal de Lavras (UFLA) instacron:UFLA |
instname_str |
Universidade Federal de Lavras (UFLA) |
instacron_str |
UFLA |
institution |
UFLA |
repository.name.fl_str_mv |
INFOCOMP: Jornal de Ciência da Computação - Universidade Federal de Lavras (UFLA) |
repository.mail.fl_str_mv |
infocomp@dcc.ufla.br||apfreire@dcc.ufla.br |
_version_ |
1799874741394210816 |