Beta 1


Title HTTP application-level intrusion detection and prevention
Author Cabrera, Fernando Alvarez
Supervisor Sharp, Robin (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2005
Abstract Within computer security, intrusion detection is one of its key players. Intrusion detection is commonly carried out at the lower levels of a network s architecture. For example, the inspection of a TCP/IP packet s properties. Intrusion detection systems have tried to analyze content, for some time now, at an application layer of the network s architecture. The results of application-level analysis have not had much success. This document presents an applicationlevel intrusion detection system. The application-level protocol subject to analysis is HTTP. The system is based on neural network technology for categorizing classes of known attacks. The system is stateful enabled i.e. it is capable of correlating a sequence of suspicious HTTP requests with their HTTP responses in order to detect temporal patterns of behavior. The system also presents close to real-time analysis during the service of a client s HTTP request, making it a fast and robust preemptive analysis tool.
Imprint Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU : DK-2800 Kgs. Lyngby, Denmark
Pages 194
Fulltext
Original Postscript imm3598.ps (7.90 MB)
Derived PDF imm3598.pdf (0.67 MB)
Admin Creation date: 2006-06-22    Update date: 2012-12-19    Source: dtu    ID: 185818    Original MXD