Application Layer Intrusion Detection with Combination of Explicit-Rule-Based and Machine Learning Algorithms and Deployment in Cyber-Defence Program
It tackles the growing problem of application layer intrusions for enterprise and national cyber-security, but appears incremental as it builds on existing methods without claiming specific performance gains.
The paper addresses the underdeveloped field of application layer intrusion detection by analyzing current commercial and open-source capabilities and proposing an evolutionary path toward more mature systems that can scale cost-effectively for enterprise and national cyber-defense.
There have been numerous works on network intrusion detection and prevention systems, but work on application layer intrusion detection and prevention is rare and not very mature. Intrusion detection and prevention at both the network and application layers are important for cyber-security and enterprise system security. Since application layer intrusion is increasing day by day, it is imperative to give it adequate attention and to use state-of-the-art algorithms for effective detection and prevention. This paper describes the current state of application layer intrusion detection and prevention capabilities in the commercial and open-source space and provides a path for evolution to a more mature state that will address not only enterprise system security, but also national cyber-defence. Scalability and cost-effectiveness were important factors that shaped the proposed solution.