Self-adaptive web intrusion detection system
Thomas Guyet (Agrocampus Ouest, INRIA - IRISA), René Quiniou (INRIA - IRISA), Wei Wang (NTNU), Marie-Odile Cordier (INRIA - IRISA)

TL;DR
This paper introduces a self-adaptive web intrusion detection system that automatically updates its models based on online diagnosis consistency, enhancing detection accuracy and responsiveness to evolving web threats.
Contribution
It presents a novel self-adaptive IDS framework using meta-diagnosis to automatically adapt to new intrusions without manual intervention.
Findings
Detects intrusions with high sensitivity and precision
Automatically adapts diagnoser models online
Improves detection accuracy over static systems
Abstract
The evolution of web server contents and the emergence of new kinds of intrusions make it necessary to adapt intrusion detection systems (IDS). Nowadays, adapting an IDS requires manual -- tedious and unreactive -- actions from system administrators. In this paper, we present a self-adaptive intrusion detection system which relies on a set of local model-based diagnosers. The redundancy of diagnoses is exploited, online, by a meta-diagnoser to check the consistency of computed partial diagnoses, and to trigger the adaptation of defective diagnoser models (or signatures) in case of inconsistency. This system is applied to intrusion detection from a stream of HTTP requests. Our results show that our system 1) detects intrusion occurrences sensitively and precisely, and 2) accurately self-adapts diagnoser models, thus improving its detection accuracy.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Spam and Phishing Detection
