HTTP application-level intrusion detection and prevention |
Fernando Alvarez Cabrera
|
| Abstract | Within computer security, intrusion detection is one of its key players. Intrusion detection is commonly carried out at the lower levels of a network s architecture. For example, the inspection of a TCP/IP packet s properties. Intrusion detection systems have tried to analyze content, for some time now, at an application layer of the network s architecture. The results of application-level analysis have not had much success. This document presents an applicationlevel intrusion detection system. The application-level protocol subject to analysis is HTTP. The system is based on neural network technology for categorizing classes of known attacks. The system is stateful enabled i.e. it is capable of correlating a sequence of suspicious HTTP requests with their HTTP responses in order to detect temporal patterns of behavior. The system also presents close to real-time analysis during the service of a client s HTTP request, making it a fast and robust preemptive analysis tool. |
| Type | Master's thesis [Academic thesis] |
| Year | 2005 |
| Publisher | Informatics and Mathematical Modelling, Technical University of Denmark, DTU |
| Address | Richard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby |
| Series | IMM-Thesis-2005-4 |
| Note | Supervised by Professor Robin Sharp |
| Electronic version(s) | [pdf] [ps] |
| BibTeX data | [bibtex] |
| IMM Group(s) | Computer Science & Engineering |