A serial combination of anomaly and misuse IDSes applied to HTTP traffic. Tombini, E., Debar, H., Mé, L., & Ducassé, M. In Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC '04), pages 428--437, Washington, DC, USA, December 2004. IEEE Computer Society. (Note field: 00093 bibtex: tombini2004serial bibtex[numpages=10;acmid=1038335])
Combining an "anomaly" and a "misuse" IDSes offers the advantage of separating the monitored events between normal, intrusive or unqualified classes (ie not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework applied to web servers lead us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results, raises lower amount of false alarms and unqualified events.
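@comment{Tombini, Debar, Me and Ducasse, ACSAC 2004: a serial combination of anomaly and misuse IDS components applied to HTTP traffic.
  Accented letters are written as LaTeX escapes so the entry works with classic BibTeX as well as Biber.
  The month uses the predefined macro (dec) so styles can format and localise it.
  numpages, acmid and internal-note are non-standard fields that most styles ignore; they keep the export metadata that the note field used to print in the bibliography.}
@inproceedings{tombini_serial_2004,
  author        = {Tombini, Elvis and Debar, Herv{\'e} and M{\'e}, Ludovic and Ducass{\'e}, Mireille},
  title         = {A serial combination of anomaly and misuse {IDSes} applied to {HTTP} traffic},
  booktitle     = {Proceedings of the 20th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '04)},
  publisher     = {IEEE Computer Society},
  address       = {Washington, DC, USA},
  month         = dec,
  year          = {2004},
  pages         = {428--437},
  isbn          = {0-7695-2252-1},
  doi           = {10.1109/CSAC.2004.4},
  url           = {https://doi.org/10.1109/CSAC.2004.4},
  keywords      = {Intrusion detection, Web server, anomaly detection, combination, misuse detection, resolver},
  abstract      = {Combining an "anomaly" and a "misuse" IDSes offers the advantage of separating the monitored events between normal, intrusive or unqualified classes (ie not known as an attack, but not recognized as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components. This framework applied to web servers lead us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results, raises lower amount of false alarms and unqualified events.},
  numpages      = {10},
  acmid         = {1038335},
  internal-note = {Export residue formerly in note: 00093 bibtex: tombini2004serial},
}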
{"_id":{"_str":"5298aa259eb585cc2600099e"},"__v":0,"authorIDs":[],"author_short":["Tombini, E.","Debar, H.","Mé, L.","Ducassé, M."],"bibbaseid":"tombini-debar-m-ducass-aserialcombinationofanomalyandmisuseidsesappliedtohttptraffic-2004","bibdata":{"abstract":"Combining an \"anomaly\" and a \"misuse\" IDSes offers the advantage of separting the monitored events between normal, intrusive or unqualified classes (ie not known as an attack, but not recognize as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components.This framework applied to web servers lead us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. This architecture provides the operator with better qualification of the detection results, raises lower amount of false alarms and unqualified events.","address":"Washington, DC, USA","author":["Tombini, Elvis","Debar, Hervé","Mé, Ludovic","Ducassé, Mireille"],"author_short":["Tombini, E.","Debar, H.","Mé, L.","Ducassé, M."],"bibtex":"@inproceedings{ tombini_serial_2004,\n address = {Washington, DC, USA},\n title = {A serial combination of anomaly and misuse {IDSes} applied to {HTTP} traffic},\n isbn = {0-7695-2252-1},\n url = {http://dx.doi.org/10.1109/CSAC.2004.4},\n doi = {10.1109/CSAC.2004.4},\n abstract = {Combining an \"anomaly\" and a \"misuse\" IDSes offers the advantage of separting the monitored events between normal, intrusive or unqualified classes (ie not known as an attack, but not recognize as safe either). In this article, we provide a framework to systematically reason about the combination of anomaly and misuse components.This framework applied to web servers lead us to propose a serial architecture, using a drastic anomaly component with a sensitive misuse component. 
This architecture provides the operator with better qualification of the detection results, raises lower amount of false alarms and unqualified events.},\n booktitle = {Proceedings of the 20th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '04)},\n publisher = {IEEE Computer Society},\n author = {Tombini, Elvis and Debar, Hervé and Mé, Ludovic and Ducassé, Mireille},\n month = {December},\n year = {2004},\n note = {00093 bibtex: tombini2004serial \nbibtex[numpages=10;acmid=1038335]},\n keywords = {Intrusion detection, Web server, anomaly detection, combination, misuse detection, resolver},\n pages = {428--437}\n}","bibtype":"inproceedings","booktitle":"Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC '04)","doi":"10.1109/CSAC.2004.4","id":"tombini_serial_2004","isbn":"0-7695-2252-1","key":"tombini_serial_2004","keywords":"Intrusion detection, Web server, anomaly detection, combination, misuse detection, resolver","month":"December","note":"00093 bibtex: tombini2004serial bibtex[numpages=10;acmid=1038335]","pages":"428--437","publisher":"IEEE Computer Society","title":"A serial combination of anomaly and misuse IDSes applied to HTTP traffic","type":"inproceedings","url":"http://dx.doi.org/10.1109/CSAC.2004.4","year":"2004","bibbaseid":"tombini-debar-m-ducass-aserialcombinationofanomalyandmisuseidsesappliedtohttptraffic-2004","role":"author","urls":{"Paper":"http://dx.doi.org/10.1109/CSAC.2004.4"},"keyword":["Intrusion detection","Web server","anomaly detection","combination","misuse detection","resolver"],"downloads":0},"bibtype":"inproceedings","biburl":"http://bibbase.org/zotero/ealprr","downloads":0,"keywords":["intrusion detection","web server","anomaly detection","combination","misuse detection","resolver"],"search_terms":["serial","combination","anomaly","misuse","idses","applied","http","traffic","tombini","debar","mé","ducassé"],"title":"A serial combination of anomaly and misuse IDSes applied to HTTP 
traffic","year":2004,"dataSources":["fcy64Zdm28gydMmuE"]}