Applying Autonomic Intrusion Detection on Web Applications
Main Article Content
Abstract
The characterization of system behavior is a commonly considered approach when performing intrusion detection. Such approach is limited when the observed context is unstructured, that is, contextcharacterization is not a trivial task. In order to tackle this issue, this paper considers the use of singlepass clustering techniques to quantize unstructured data, generating time series where novelty detection techniques can be employed to detect intrusion incidents. We evaluate this approach using public system characterization data sets, and the outputs of a web application in a simulated environment. Weobserved that our approach is capable of aggregating context information into time series in order to represent the behavior of applications with fairly enough precision to detect attacks.
Article Details
How to Cite
Ferreira, E. A., & de Mello, R. F. (2012). Applying Autonomic Intrusion Detection on Web Applications. INFOCOMP Journal of Computer Science, 11(1), 13–21. Retrieved from http://177.105.60.18/index.php/infocomp/article/view/347
Section
Articles
Upon receipt of accepted manuscripts, authors will be invited to complete a copyright license to publish the paper. At least the corresponding author must send the copyright form signed for publication. It is a condition of publication that authors grant an exclusive licence to the the INFOCOMP Journal of Computer Science. This ensures that requests from third parties to reproduce articles are handled efficiently and consistently and will also allow the article to be as widely disseminated as possible. In assigning the copyright license, authors may use their own material in other publications and ensure that the INFOCOMP Journal of Computer Science is acknowledged as the original publication place.