Title:  HMMpayl: An Intrusion Detection System Based On Hidden Markov Models
Issue Date:  2011
Internal authors: 
Authors:  Ariu D; Tronci R; Giacinto G
Number of authors:  3
Journal:  COMPUTERS & SECURITY
Volume:  30
Issue:  4
First page:  221
Last page:  241
Number of pages:  21
Digital Object Identifier (DOI):  http://dx.doi.org/10.1016/j.cose.2010.12.004
Scopus identifier:  2-s2.0-79955482186
ISI identifier:  WOS:000291176500006
URL:  http://dx.doi.org/10.1016/j.cose.2010.12.004
Abstract:  Nowadays the security of Web applications is one of the key topics in Computer Security. Among all the solutions that have been proposed so far, the analysis of the HTTP payload at the byte level has proven to be effective as it does not require the detailed knowledge of the applications running on the Web server. The solutions proposed in the literature actually achieved good results for the detection rate, while there is still room for reducing the false positive rate. To this end, in this paper we propose HMMPayl, an IDS where the payload is represented as a sequence of bytes, and the analysis is performed using Hidden Markov Models (HMM). The algorithm we propose for feature extraction and the joint use of HMM guarantee the same expressive power of n – gram analysis, while allowing to overcome its computational complexity. In addition, we designed HMMPayl following the Multiple Classifiers System paradigm to provide for a better classification accuracy, to increase the difficulty of evading the IDS, and to mitigate the weaknesses due to a non optimal choice of HMM parameters. Experimental results, obtained both on public and private datasets, show that the analysis performed by HMMPayl is particularly effective against the most frequent attacks toward Web applications (such as XSS and SQL-Injection). In particular, for a fixed false positive rate, HMMPayl achieves a higher detection rate respect to previously proposed approaches it has been compared with.
Type: 1.1 Articolo in rivista

Files in This Item:
There are no files associated with this item.

Questionnaire and social

Share on: