The HTTP Content Segmentation Method Combined with AdaBoost Classifier for Web-Layer Anomaly Detection System

  • Rafał Kozik
  • Michał Choraś
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 527)


In this paper we propose modifications to our machine-learning web-layer anomaly detection system that adapts HTTP content mechanism. In particular, we introduce a more effective packet segmentation mechanism, adapt the AdaBoost classifier, and present results on a more challenging dataset. We also compare our approach with other techniques and report the results of our experiments.



Copyright information

© Springer International Publishing AG 2017

Open Access. This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  1. Institute of Telecommunications, UTP University of Science and Technology, Bydgoszcz, Poland
