@MASTERSTHESIS\{IMM2005-03598,
    author       = "F. A. Cabrera",
    title        = "{HTTP} application-level intrusion detection and prevention",
    year         = "2005",
    school       = "Informatics and Mathematical Modelling, Technical University of Denmark, {DTU}",
    address      = "Richard Petersens Plads, Building 321, {DK-}2800 Kgs. Lyngby",
    type         = "",
    note         = "Supervised by Professor Robin Sharp",
    url          = "http://www2.compute.dtu.dk/pubdb/pubs/3598-full.html",
    abstract     = "Within computer security, intrusion detection is one of its key players. Intrusion detection is commonly carried out at the lower levels of a network s architecture. For example, the inspection of a {TCP}/{IP} packet s properties. Intrusion detection systems have tried to analyze content, for some time now, at an application layer of the network s architecture. The results of application-level analysis have not had much success. This document presents an applicationlevel intrusion detection system. The application-level protocol subject to analysis is {HTTP}. The system is based on neural network technology for categorizing classes of known attacks. The system is stateful enabled i.e. it is capable of correlating a sequence of suspicious {HTTP} requests with their {HTTP} responses in order to detect temporal patterns of behavior. The system also presents close to real-time analysis during the service of a client s {HTTP} request, making it a fast and robust preemptive analysis tool."
}