Using Petri Nets for Anomaly Behavior Detection in Web Systems
Web servers,as a crucial component accessible directly through browsers and integrat-ed with databases,face multiple security threats and vulnerabilities.Currently,anomaly-based Intru-sion Detection Systems (IDS)are advocated as proactive measures against web security threats,yet the challenge lies in accurately defining"normal"behavior.Using Petri nets,the system structure defined by routes in Web development can be modeled to delineate"normal"behavior,leveraging conformance checking techniques to identify"abnormal"behavior.However,employing traditional alignment tech-niques often results in"false positives".Therefore,the introduction of infix alignment-based tech-niques to align behaviors in logs and models is proposed.Simultaneously,a baseline method is presented to construct auxiliary models suitable for infix alignment.Through empirical validation,it is demonstra-ted that the infix alignment technique,facilitated by the baseline method,accurately discerns"abnor-mal"behavior.
Petri netsconformance checkinginfix alignmentanomaly detection