University of Twente Student Theses
Self-adaptation to concept drift in web-based anomaly detection
Orij, J. (2016) Self-adaptation to concept drift in web-based anomaly detection.
|
PDF
3MB |
| Abstract: | Attacks on web applications that utilize the HTTP request line and request body as attack vectors are amongst the most prevailing web-based attacks in the wild. For anomaly-based detection systems, which compare traffic to a model of normal behavior in order to detect attacks, a major challenge is to cope with "concept drift", which are legitimate changes in the monitored traffic caused by changes in the application to which the traffic belongs. This research proposes an anomaly-based detection system that is specifically designed to cope with this challenge. The system is based on different state-of-the-art techniques in web-based anomaly detection, as well as on the concept of "trusted clients". When clients have a history of trusted behavior, this is considered in the retraining process of the anomaly detection models, with which we aim to decrease the overall false positive rate of the system, especially during instances of concept drift. |
| Item Type: | Essay (Master) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science MSc (60300) |
| Link to this item: | https://purl.utwente.nl/essays/71362 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page