An improved payload-based anomaly detector for web applications

Cited by: 8
Authors
Jin, Xiaohui [1, 2]
Cui, Baojiang [1, 2]
Li, Dong [3]
Cheng, Zishuai [1, 2]
Yin, Congxin [1, 2]
Affiliations
[1] Beijing Univ Posts & Telecommun, Sch Cyberspace Secur, Xitucheng Rd 10th, Beijing 100876, Peoples R China
[2] Natl Engn Lab Mobile Network Technol, Beijing, Peoples R China
[3] Inst China Gen Technol, Beijing, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Payload-based; Anomaly detection; Web applications; SYSTEM;
DOI
10.1016/j.jnca.2018.01.002
Chinese Library Classification
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Payload-based anomaly detection can find malicious behavior hidden in network packets rather efficiently. It is well suited to securing web applications, which are widely used and are a major concern of cyber security nowadays. Our research is based on McPAD. We argue that the assumption about the probability distribution of features in the outlier class is not appropriate, and we figure out a more suitable distribution by analyzing the common types of web attacks. Furthermore, we propose a new mapping algorithm for dimensionality reduction in order to improve the performance of the original one. Finally, we try to speed up the training process without significantly affecting the detection performance. The experimental results show that the training time can be reduced by an average of 24.75%.
Pages: 111-116
Page count: 6