Title: Distress detection
Authors: Vella, Mark Joseph
Keywords: Neural networks (Computer science); Computer security; Web servers -- Security measures; Intrusion detection systems (Computer security)
Issue Date: 2012
Publisher: University of Strathclyde
Citation: Vella, M. J. (2012). Distress detection (Doctoral dissertation).
Abstract: Web attacks pose a prime concern for cybersecurity, and whilst attackers are leveraging modern technologies to launch unpredictable attacks with serious consequences, web attack detectors are still restricted to the classical misuse and anomaly detection methods. As a result, web attack detectors have limited resilience to novel attacks or produce impractical amounts of daily false alerts. Advances in intrusion detection techniques have so far only partly alleviated the problem, as they are still tied to existing methods. This thesis proposes Distress Detection (DD), a detection method providing novel web attack resilience while suppressing false alerts. It is partly inspired by the workings of the human immune system, which is capable of responding to previously unseen infections. The premise is that within the scope of an attack objective (the attack's end result), attack HTTP requests are associated with features that are necessary to reach that objective, rendering them suspicious. Their eventual execution must generate system events that are associated with the successful attainment of their objective, called the attack symptoms. Suspicious requests and attack symptoms are modeled on the generic signs of ongoing infections that enable the immune system to respond to novel infections; however, they are not exclusive to attacks. The suppression of false alerts is left to an alert correlation process based on the premise that attack requests can be distinguished from the rest through a link that connects their features with their consequent attack symptoms. The provision of novel attack resilience and false alert suppression is demonstrated through three prototype distress detectors, identifying DD as promising for effective web attack detection, despite some concerns about the level of difficulty of their implementation process.
Appears in Collections: Scholarly Works - FacICTCS

Files in This Item:
File: Distress_detection(2012).pdf
Size: 3.06 MB
Format: Adobe PDF

Items in OAR@UM are protected by copyright, with all rights reserved, unless otherwise indicated.