A modular architecture for the analysis of HTTP payloads based on Multiple Classiﬁers

3 Davide Ariu Giorgio Giacinto 2011 A modular architecture for the analysis of HTTP payloads based on Multiple Classiﬁers 10th Int. Workshop on Multiple Classifier Systems (MCS 2011), Naples, Italy 15/06/2011 ids00 mcs00 <div align="justify"> In this paper we propose an Intrusion Detection System (IDS) for the detection of attacks against a web server. The system analyzes the requests received by a web server, and is based on a two-stages classiï¬�cation algorithm that heavily relies on the MCS paradigm. In the ï¬�rst stage the structure of the HTTP requests is modeled using several ensembles of Hidden Markov Models. Then, the outputs of these ensembles are combined using a one-class classiï¬�cation algorithm. We evaluated the system on several datasets of real traï¬�c and real attacks. Experimental results, and comparisons with state-of.the.art detection systems show the eï¬�ectiveness of the proposed approach.<br /> </div>

Ariu - Workshop on Multiple Classifier Systems - 2011