Politecnico di Torino (logo)

Detecting anomalies in enterprise network events

Angelo Mirabella

Detecting anomalies in enterprise network events.

Rel. Antonio Lioy. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2020

PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (2MB) | Preview

Web based vulnerabilities have been of great interest because of the huge quantity of attacks over the last years, a trend that seems to continuously increase. This is why both academic researchers and companies are investing a large amount of money to secure and protect their networks. This thesis gives its contribution to the literature by presenting an intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against web servers and web based applications over the HTTP protocol. The system analyzes client queries that reference server side programs and creates models for a range of different features of these queries. Examples of such features are the length and the byte distribution of a certain parameter. In particular, the use of application specific modeling of the invocation parameters allows the system to perform focused analysis and produce a reduced number of false positives.

Relators: Antonio Lioy
Academic year: 2019/20
Publication type: Electronic
Number of Pages: 79
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Ente in cotutela: TELECOM ParisTech - EURECOM (FRANCIA)
Aziende collaboratrici: Lastline (UK) Limited
URI: http://webthesis.biblio.polito.it/id/eprint/14374
Modify record (reserved for operators) Modify record (reserved for operators)