An improved payload-based anomaly detector for web applications

Journal of Network and Computer Applications, Volume 106, Pages 111-116, 2018
Xiaohui Jin (1,2), Baojiang Cui (1,2), Dong Li (3), Zishuai Cheng (1,2), Congxian Yin (1,2)
1 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Xitucheng Road 10th, 100876, Beijing, China
2 National Engineering Laboratory for Mobile Network Technologies, China
3 Institute of China General Technologies, China
