SensorWebIDS: A Web Mining Intrusion Detection System
Source: University of Windsor
SensorWebIDS has three main components: the Network Sensor, which extracts parameters from real-time network traffic; the Log Digger, which extracts parameters from web log files; and the Audit Engine, which analyzes all web request parameters for intrusion detection. To combat web intrusions such as buffer overflow attacks, SensorWebIDS uses an algorithm based on the empirical rule from statistics, under which 99.7% of data lies within 3 standard deviations of the mean, to calculate the possible maximum value length of input parameters. Association rule mining is used to mine frequent parameter lists and their sequential order to identify intrusions.
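The length check described above, as an added example that is not SensorWebIDS code: it learns an upper bound of mean + 3 standard deviations for each parameter's value length from constructed normal requests, then flags values that exceed it. Keying by (path, parameter), using the population standard deviation, and all function names are assumptions; the page does not give the algorithm's details.

```python
import math
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of normal requests (not data from the paper).
TRAINING = [
    "/search?q=ids&page=1",
    "/search?q=web+mining&page=2",
    "/search?q=log+files&page=3",
    "/search?q=sensor&page=10",
    "/search?q=audit+engine&page=4",
]

def param_lengths(url):
    """Yield ((path, name), decoded value length) for each query parameter."""
    parts = urlsplit(url)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        yield (parts.path, name), len(value)

def learn_max_lengths(urls, k=3.0):
    """Return {(path, name): mean + k*sigma} over observed value lengths."""
    samples = defaultdict(list)
    for url in urls:
        for key, length in param_lengths(url):
            samples[key].append(length)
    limits = {}
    for key, lengths in samples.items():
        mean = sum(lengths) / len(lengths)
        variance = sum((x - mean) ** 2 for x in lengths) / len(lengths)
        limits[key] = mean + k * math.sqrt(variance)
    return limits

def audit(url, limits):
    """Return (name, length, reason) for each suspicious parameter."""
    alerts = []
    for key, length in param_lengths(url):
        if key not in limits:
            # Never seen in training: no length baseline to compare against.
            alerts.append((key[1], length, "no baseline"))
        elif length > limits[key]:
            alerts.append((key[1], length, "length exceeds mean+3*sigma"))
    return alerts

if __name__ == "__main__":
    limits = learn_max_lengths(TRAINING)
    for url in ("/search?q=intrusion&page=2", "/search?q=" + "A" * 300 + "&page=1"):
        print(url[:40], audit(url, limits))
```

With only a handful of training requests the bound is loose or overly tight; a real baseline needs enough samples per parameter for the 3-sigma rule to be meaningful.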