University of Cadiz
Now-a-days the security of Web applications is one of the key topics in computer security. Among all the solutions that have been proposed so far, the analysis of the HTTP payload at the byte level has proven to be effective as it does not require the detailed knowledge of the applications running on the web server. The solutions proposed in the literature actually achieved good results for the detection rate, while there is still room for reducing the false positive rate. In this paper, the authors propose HMMPayl, an IDS where the payload is represented as a sequence of bytes, and the analysis is performed using Hidden Markov Models (HMM).