University of Twente Student Theses

Login

Concept-drift in web-based IDS : evaluating current capabilities & future challenges

Zanetti, Nicola (2015) Concept-drift in web-based IDS : evaluating current capabilities & future challenges.

[img] PDF
1MB
Abstract:Anomaly based intrusion detection systems (IDS) are typically employed for protecting web applications. Changes in the applications, also known as Web Concept Drifts, negatively impact the accuracy of IDS, increasing the number of false alerts. To adapt the IDS to application changes, the retraining of the model is required. Unfortunately, retraining is a time consuming task that requires a considerable effort from system administrators and security experts. Different methods have been proposed in literature to deal with this issue. One of these, called Response Modeling, exploits the structure of HTTP responses to detect changes and automatically adapt the detection model to application drifts. In this thesis, we survey existing work that addresses the Concept Drift issue and we test one of them on simulated as well as real scenarios. The results seem to indicate that the existing approach is still not mature enough for consistently reduce the FPR (false positive rate). More precisely, it seems that just a specific type of alerts can be meaningfully reduced while most of the others are not decreased. We propose some requirements and future directions to improve such solutions, aimed at refine the efficacy of this technique.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/67848
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page