Detection of Server-Side Web Attacks
Web servers and server-side applications constitute the key components of modern Internet services. The authors present a pattern recognition system to the detection of intrusion attempts that target such components. Their system is anomaly-based, i.e., they model the normal (legitimate) traffic and intrusion attempts are identified as anomalous traffic. In order to address the presence of attacks (noise) inside the training set they employ an ad-hoc outlier detection technique. This paper does not require supervision and allows the user to accurately detect both known and unknown attacks against web services.