HTTP application-level intrusion detection and prevention

Fernando Alvarez Cabrera

Abstract: Within computer security, intrusion detection is one of its key players. Intrusion detection is commonly carried out at the lower levels of a network's architecture. For example, the inspection of a TCP/IP packet's properties. Intrusion detection systems have tried to analyze content, for some time now, at an application layer of the network's architecture. The results of application-level analysis have not had much success. This document presents an application-level intrusion detection system. The application-level protocol subject to analysis is HTTP. The system is based on neural network technology for categorizing classes of known attacks. The system is stateful enabled, i.e. it is capable of correlating a sequence of suspicious HTTP requests with their HTTP responses in order to detect temporal patterns of behavior. The system also presents close to real-time analysis during the service of a client's HTTP request, making it a fast and robust preemptive analysis tool.
Type: Master's thesis [Academic thesis]
Year: 2005
Publisher: Informatics and Mathematical Modelling, Technical University of Denmark, DTU
Address: Richard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby
Series: IMM-Thesis-2005-4
Note: Supervised by Professor Robin Sharp
Electronic version(s): [pdf] [ps]
BibTeX data: [bibtex]
IMM Group(s): Computer Science & Engineering