University of Twente Student Theses


Self-adaptation to concept drift in web-based anomaly detection

Orij, J. (2016) Self-adaptation to concept drift in web-based anomaly detection.

[img] PDF
Abstract:Attacks on web applications that utilize the HTTP request line and request body as attack vectors are amongst the most prevailing web-based attacks in the wild. For anomaly-based detection systems, which compare traffic to a model of normal behavior in order to detect attacks, a major challenge is to cope with "concept drift", which are legitimate changes in the monitored traffic caused by changes in the application to which the traffic belongs. This research proposes an anomaly-based detection system that is specifically designed to cope with this challenge. The system is based on different state-of-the-art techniques in web-based anomaly detection, as well as on the concept of "trusted clients". When clients have a history of trusted behavior, this is considered in the retraining process of the anomaly detection models, with which we aim to decrease the overall false positive rate of the system, especially during instances of concept drift.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page