20th Annual Computer Security Applications Conference (ACSAC'04)
A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic
Tucson, Arizona
December 06-December 10
ISBN: 0-7695-2252-1
Citation:
Elvis Tombini, Hervé Debar, Ludovic Mé, Mireille Ducassé, "A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic," Computer Security Applications Conference, Annual, pp. 428-437, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004.
BibTeX:
@article{ 10.1109/CSAC.2004.4,
  author = {Elvis Tombini and Hervé Debar and Ludovic Mé and Mireille Ducassé},
  title = {A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic},
  journal = {Computer Security Applications Conference, Annual},
  volume = {0},
  year = {2004},
  issn = {1063-9527},
  pages = {428-437},
  doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.4},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.4
Combining an "anomaly" IDS and a "misuse" IDS offers the advantage of separating the monitored events into normal, intrusive or unqualified classes (i.e., not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. Applying this framework to web servers leads us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results and raises fewer false alarms and unqualified events.
