Intrusion Detection and Protection of Application Servers
Licentiate thesis, 2005

The protection of application servers using intrusion detection and other related techniques is studied in this thesis. A thorough review is first made of taxonomies for intrusion detection systems (IDSs) and of how these can help to understand the basic functionality and problems of intrusion detection. A lightweight IDS with a number of interesting features has been developed and tested in real-life situations. I have also studied the consequences of integrating such a tool into an application server rather than keeping it separate from the monitored application, as is common in traditional host-based or network-based systems. Integration offers several advantages, such as the ability to monitor encrypted transactions, an Achilles' heel of traditional systems. I also studied a number of extensions and further developments of intrusion detection. I have developed an intrusion-tolerant architecture that not only detects intrusions but also provides a means to tolerate them with a graceful degradation of the offered service. The intrusion tolerance is achieved by leveraging methods from the fault-tolerance community. Finally, I suggest a method for facilitating the set-up and training of IDSs based on active learning algorithms. Considerable performance improvements can be achieved in this way, as shown in the experiments done in this work.

active learning

application-based intrusion detection

intrusion tolerance

intrusion detection

Computer security


Magnus Almgren

Chalmers, Department of Computer Science and Engineering, Computer Engineering

1652-876X (ISSN)

Computer Science

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 5