SS-IDS: Statistical Signature based IDS

Author

Payas GUPTA, Singapore Management UniversityFollow
Chedy RAISSI
Gerard DRAY
Pascal PONCELET
Johan BRISSAUD

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

5-2009

Abstract

Security of web servers has become a sensitive subject today. Prediction of normal and abnormal request is problematic due to large number of false alarms in many anomaly based Intrusion, Detection Systems(IDS). SS-IDS derives automatically the parameter profiles from the analyzed data thereby generating the Statistical Signatures. Statistical Signatures are based on modeling of normal requests and their distribution value without explicit intervention. Several attributes are used to calculate the behavior of the legitimate request on the web server. SS-IDS is best suited for the newly installed web servers which doesn't have low gene number of requests in. the data set to train the IDS and can be used on top of currently used signature based IDS like SNORT. Experiments conducted on real data sets have shown high accuracy up to 99.98% for predicting valid request as valid and false positive rate ranges 3.82-7.84%.

Discipline

Information Security

Publication

Proceedings of 4th International Conference on Internet and Web Applications and Services, Venice, Italy, 2009 May 24-28

Identifier

10.1109/ICIW.2009.67

City or Country

Venice, Italy

Citation

GUPTA, Payas; RAISSI, Chedy; DRAY, Gerard; PONCELET, Pascal; and BRISSAUD, Johan. SS-IDS: Statistical Signature based IDS. (2009). Proceedings of 4th International Conference on Internet and Web Applications and Services, Venice, Italy, 2009 May 24-28.
Available at: https://ink.library.smu.edu.sg/sis_research/4196

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/ICIW.2009.67