The paper
Title: Parser Instrumentation for Semantic-Aware Applicative Intrusion Detection
Authors: Grégor Quetel, Pierre-François Gimenez, Thomas Robert, Laurent Pautet
Venue: 41st International Conference on ICT Systems Security and Privacy Protection (IFIPSEC26), 2026
Abstract: Intrusion Detection Systems (IDS) are common security tools for protecting modern information systems, yet their effectiveness at detecting application-layer attacks is often limited by the semantic gap between low-level host or network observations and the actual behavior of applications. Existing work overlooks the data collection phase and typically focuses on designing complex decision engines and preprocessing functions such as embedding-based representations. Unfortunately, these approaches incur significant computational overhead at inference time and remain brittle against adversarial inputs. In this paper, we present a parser-based instrumentation approach for application-level intrusion detection that provides lexical, syntactic and explicit semantic observation with minimal overhead. We introduce gaur, an implementation for instrumenting parsers; it produces observations during parsing by associating semantic tags to grammar rules, eliminating the need for runtime natural language processing. Our evaluation demonstrates the low overhead and collection time of our data collector. Furthermore, empirical results show that incorporating explicit semantic information into decision engines not only improves detection performance over traditional mechanisms but also enables faster inference and greater robustness than approaches relying on implicit semantic representations.
Preprint: Soon!
The tool: https://github.com/gquetel/gaur