Abstract
In this paper a new pattern extraction method for anomaly detection in HTTP traffic is proposed. The method combines (i) a text segmentation technique, used to identify the common parts (tokens) of requests, and (ii) statistical analysis, which captures the dynamic properties (variables) of the data found between those tokens. As a result, the approach captures the structure of the message body observed across consecutive requests. Our experiments show that this technique significantly improves detection effectiveness compared with techniques that treat the message body as a whole. A further advantage is that our tool needs no prior knowledge of the protocols and APIs that use HTTP as a transport (e.g. RESTful APIs, SOAP, etc.).
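The following Python block is an added illustration of the token/variable idea described in the abstract; it is not code from the paper or its authors. A greedy longest-common-substring split stands in for the paper's text segmentation step (an assumption), the per-slot statistics (length mean and deviation, plus the set of character classes seen) are my own choice of "dynamic properties", and all request bodies are constructed samples. Nothing about the form-encoded or JSON layout is hard-coded: the tokens are learned from the bodies alone.

```python
# Added illustration (not the authors' code): learn the token/variable
# structure of HTTP request bodies from a training set, then score new
# bodies against the per-variable statistics.  The segmentation below is a
# greedy longest-common-substring split, an assumed stand-in for the
# paper's text segmentation technique.
import statistics

# Constructed training data: four benign login bodies (form-encoded).
TRAIN = [
    "user=alice&pass=s3cret&remember=1",
    "user=bob&pass=hunter2&remember=0",
    "user=carol&pass=pa55word&remember=1",
    "user=dave&pass=qwerty12&remember=0",
]

# Constructed JSON bodies, to show that no protocol knowledge is needed.
JSON_TRAIN = [
    '{"user":"alice","age":31}',
    '{"user":"bob","age":45}',
    '{"user":"carol","age":29}',
]


def longest_common_substring(strings, min_len):
    """Longest substring (at least min_len chars) present in every string,
    or None.  Candidates come from the shortest string, longest first, so the
    first hit is maximal."""
    shortest = min(strings, key=len)
    for length in range(len(shortest), min_len - 1, -1):
        for start in range(len(shortest) - length + 1):
            cand = shortest[start:start + length]
            if all(cand in s for s in strings):
                return cand
    return None


def extract_tokens(bodies, min_len=3):
    """Recursively split every body at the longest substring they all share.
    Returns the shared tokens in order; the gaps between them are the
    variable parts.  Splits at the first occurrence (a simplification)."""
    if not bodies:
        return []
    tok = longest_common_substring(bodies, min_len)
    if tok is None:
        return []
    lefts, rights = [], []
    for b in bodies:
        i = b.index(tok)
        lefts.append(b[:i])
        rights.append(b[i + len(tok):])
    return extract_tokens(lefts, min_len) + [tok] + extract_tokens(rights, min_len)


def split_variables(body, tokens):
    """Locate the tokens in order and return the len(tokens)+1 variable
    parts, or None when the body does not fit the learned skeleton."""
    variables, pos = [], 0
    for tok in tokens:
        i = body.find(tok, pos)
        if i < 0:
            return None
        variables.append(body[pos:i])
        pos = i + len(tok)
    variables.append(body[pos:])
    return variables


def char_classes(s):
    """Set of coarse character classes present: d(igit), a(lpha), o(ther)."""
    return {"d" if c.isdigit() else "a" if c.isalpha() else "o" for c in s}


def build_profile(bodies, min_len=3):
    """Learn the tokens and, for each variable slot, the length distribution
    and the character classes observed in training."""
    tokens = extract_tokens(bodies, min_len)
    slots = [split_variables(b, tokens) for b in bodies]
    profile = []
    for k in range(len(tokens) + 1):
        lengths = [len(s[k]) for s in slots]
        profile.append({
            "mean": statistics.mean(lengths),
            "std": statistics.pstdev(lengths),
            "classes": set().union(*(char_classes(s[k]) for s in slots)),
        })
    return tokens, profile


def score(body, tokens, profile, sigmas=3.0):
    """Number of violated per-slot constraints.  None means the token
    skeleton itself was not found: a structural anomaly, not just an odd
    value in one slot."""
    variables = split_variables(body, tokens)
    if variables is None:
        return None
    violations = 0
    for value, slot in zip(variables, profile):
        if abs(len(value) - slot["mean"]) > sigmas * slot["std"]:
            violations += 1          # length outside the learned range
        if not char_classes(value) <= slot["classes"]:
            violations += 1          # character class never seen in training
    return violations


if __name__ == "__main__":
    toks, prof = build_profile(TRAIN)
    print("tokens:", toks)
    for body in ["user=erin&pass=letmein1&remember=1",
                 "user=alice' OR '1'='1&pass=hunter2&remember=1",
                 "id=1 UNION SELECT 1,2"]:
        print(body, "->", score(body, toks, prof))
    print("json tokens:", extract_tokens(JSON_TRAIN))
```

On the constructed training set the learned skeleton is `user=`, `&pass=`, `&remember=`; a benign body scores 0, a body carrying a quoted injection in the user slot scores 2 (length and character class), and a body that does not contain the skeleton at all yields None. On the JSON set the learned tokens are `{"user":"` and `","age":`; with `min_len=3` the closing brace is too short to become a token and stays inside the last variable slot, which is the kind of trade-off the minimum token length controls.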
© 2015 Springer International Publishing Switzerland
Cite this paper
Kozik, R., Choraś, M., Renk, R., Hołubowicz, W. (2015). Patterns Extraction Method for Anomaly Detection in HTTP Traffic. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_20
DOI: https://doi.org/10.1007/978-3-319-19713-5_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19712-8
Online ISBN: 978-3-319-19713-5
eBook Packages: Engineering (R0)