Anomaly-based intrusion detection in software as a service

Anomaly-based intrusion detection systems (IDSs) can detect previously unknown attacks, which is important because new vulnerabilities and attacks appear constantly. Software-as-a-service web applications are currently frequent targets of attacks, so they are an obvious application for such IDSs. The paper presents a study of the use of anomaly-based IDSs with data from a production environment hosting a large web application. It describes how challenges such as processing a large number of requests and obtaining attack-free training data were solved. It also presents an evaluation comparing the accuracy obtained with the different types of models used to represent normal behavior.
