The HTTP Content Segmentation Method Combined with AdaBoost Classifier for Web-Layer Anomaly Detection System

  • Rafał Kozik
  • Michał Choraś
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 527)

Abstract

In this paper we propose modifications to our machine-learning web-layer anomaly detection system that adapts the HTTP content mechanism. In particular, we introduce a more effective packet segmentation mechanism, adapt the AdaBoost classifier, and present results on a more challenging dataset. We also compare our approach with other techniques and report the results of our experiments.

Keywords

Anomaly Detection; Bloom Filter; Character Distribution; Attack Detection; Content Delivery Network
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Institute of Telecommunications, UTP University of Science and Technology, Bydgoszcz, Poland
