Abstract
We present an intrusion-detection tool aimed at protecting web servers, and justify why such a tool is needed. We describe several interesting features, such as the ability to run in real time and to keep track of suspicious hosts. The design is flexible and the signatures used to detect malicious behavior are not limited to simple pattern matching of dangerous cgi scripts. The tool includes mechanisms to reduce the number of false alarms. We conclude with a discussion of the information gained from deploying the tool at various sites.
Original language | English (US) |
---|---|
Title of host publication | Proceedings of the Symposium on Network and Distributed System Security, NDSS 2000 |
Publisher | The Internet Society |
ISBN (Electronic) | 189156207X, 9781891562075 |
State | Published - 2000 |
Event | 7th Symposium on Network and Distributed System Security, NDSS 2000 - San Diego, United States Duration: Feb 3 2000 → Feb 4 2000 |
Publication series
Name | Proceedings of the Symposium on Network and Distributed System Security, NDSS 2000 |
---|
Conference
Conference | 7th Symposium on Network and Distributed System Security, NDSS 2000 |
---|---|
Country/Territory | United States |
City | San Diego |
Period | 02/3/00 → 02/4/00 |
Bibliographical note
Publisher Copyright:© 2000 Proceedings of the Symposium on Network and Distributed System Security, NDSS 2000. All Rights Reserved.
ASJC Scopus subject areas
- Computer Networks and Communications
- Control and Systems Engineering
- Safety, Risk, Reliability and Quality