Much data access occurs via HTTP, which is becoming a universal transport protocol. Because of this, it has become a common exploit target and several HTTP specific IDSs have been proposed as a response. However, each IDS is developed and tested independently, and direct comparisons are difficult. We describe a framework for testing IDS algorithms, and apply it to several proposed anomaly detection algorithms, testing using identical data and test environment. The results show serious limitations in all approaches, and we make predictions about requirements for successful anomaly detection approaches used to protect web servers. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Ingham, K. L., & Inoue, H. (2007). Comparing anomaly detection techniques for HTTP. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4637 LNCS, pp. 42–62). Springer Verlag. https://doi.org/10.1007/978-3-540-74320-0_3
Mendeley helps you to discover research relevant for your work.