@inbook{aadea30c73ea418f962ceb3153c80429,
title = "Detecting remote exploits using data mining",
abstract = "This paper describes the design and implementation of DExtor, a datamining-based exploit code detector that protects network services. DExtor operates under the assumption that normal traffic to network services contains only data whereas exploits contain code. The system is first trained with real data containing exploit code and normal traffic. Once it is trained, DExtor is deployed between a web service and its gateway or firewall, where it operates at the application layer to detect and block exploit code in real time. Tests using large volumes of normal and attack traffic demonstrate that DExtor can detect almost all the exploit code with negligible false alarm rates.",
keywords = "Attack detection, Data mining, Exploit code, Server attacks",
author = "Mohammad Masud and Latifur Khan and Bhavani Thuraisingham and Xinran Wang and Peng Liu and Sencun Zhu",
year = "2008",
doi = "10.1007/978-0-387-84927-0_15",
language = "English",
isbn = "9780387094892",
series = "IFIP International Federation for Information Processing",
pages = "177--189",
editor = "Pedro Cuenca and Carlos Guerrero and Ramon Puigjaner and Bartomeu Serra",
booktitle = "Advances in Digital Forensics IV",
}