LIDS: An Extended LSTM Based Web Intrusion Detection System With Active and Distributed Learning
| dc.contributor.author | Sagayam, Arul Thileeban | en |
| dc.contributor.committeechair | Back, Godmar V. | en |
| dc.contributor.committeemember | Luther, Kurt | en |
| dc.contributor.committeemember | Marchany, Randolph C. | en |
| dc.contributor.committeemember | Raymond, David R. | en |
| dc.contributor.department | Computer Science | en |
| dc.date.accessioned | 2021-05-25T08:00:51Z | en |
| dc.date.available | 2021-05-25T08:00:51Z | en |
| dc.date.issued | 2021-05-24 | en |
| dc.description.abstract | Intrusion detection systems are an integral part of web application security. As Internet use continues to increase, the demand for fast, accurate intrusion detection systems has grown. Various IDSs like Snort, Zeek, Solarwinds SEM, and Sleuth9, detect malicious intent based on existing patterns of attack. While these systems are widely deployed, there are limitations with their approach, and anomaly-based IDSs that classify baseline behavior and trigger on deviations were developed to address their shortcomings. Existing anomaly-based IDSs have limitations that are typical of any machine learning system, including high false-positive rates, a lack of clear infrastructure for deployment, the requirement for data to be centralized, and an inability to add modules tailored to specific organizational threats. To address these shortcomings, our work proposes a system that is distributed in nature, can actively learn and uses experts to improve accuracy. Our results indicate that the integrated system can operate independently as a holistic system while maintaining an accuracy of 99.03%, a false positive rate of 0.5%, and speed of processing 160,000 packets per second for an average system. | en |
| dc.description.abstractgeneral | Intrusion detection systems are an integral part of web application security. The task of an intrusion detection system is to identify attacks on web applications. As Internet use continues to increase, the demand for fast, accurate intrusion detection systems has grown. Various IDSs like Snort, Zeek, Solarwinds SEM, and Sleuth9, detect malicious intent based on existing attack patterns. While these systems are widely deployed, there are limitations with their approach, and anomaly-based IDSs that learn a system's baseline behavior and trigger on deviations were developed to address their shortcomings. Existing anomaly-based IDSs have limitations that are typical of any machine learning system, including high false-positive rates, a lack of clear infrastructure for deployment, the requirement for data to be centralized, and an inability to add modules tailored to specific organizational threats. To address these shortcomings, our work proposes a system that is distributed in nature, can actively learn and uses experts to improve accuracy. Our results indicate that the integrated system can operate independently as a holistic system while maintaining an accuracy of 99.03%, a false positive rate of 0.5%, and speed of processing 160,000 packets per second for an average system. | en |
| dc.description.degree | Master of Science | en |
| dc.format.medium | ETD | en |
| dc.identifier.other | vt_gsexam:30925 | en |
| dc.identifier.uri | http://hdl.handle.net/10919/103471 | en |
| dc.publisher | Virginia Tech | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | IDS | en |
| dc.subject | Distributed active learning | en |
| dc.subject | Web application security | en |
| dc.title | LIDS: An Extended LSTM Based Web Intrusion Detection System With Active and Distributed Learning | en |
| dc.type | Thesis | en |
| thesis.degree.discipline | Computer Science and Applications | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | masters | en |
| thesis.degree.name | Master of Science | en |
Files
Original bundle
1 - 1 of 1