Abstract
In this paper we propose modifications to our machine-learning web-layer anomaly detection system that adapts the HTTP content mechanism. In particular, we introduce a more effective packet segmentation mechanism, adapt the AdaBoost classifier, and present results on a more challenging dataset. We also compare our approach with other techniques and report the results of our experiments.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Kozik, R., Choraś, M. (2017). The HTTP Content Segmentation Method Combined with AdaBoost Classifier for Web-Layer Anomaly Detection System. In: Graña, M., López-Guede, J.M., Etxaniz, O., Herrero, Á., Quintián, H., Corchado, E. (eds) International Joint Conference SOCO’16-CISIS’16-ICEUTE’16. SOCO CISIS ICEUTE 2016 2016 2016. Advances in Intelligent Systems and Computing, vol 527. Springer, Cham. https://doi.org/10.1007/978-3-319-47364-2_54
DOI: https://doi.org/10.1007/978-3-319-47364-2_54
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47363-5
Online ISBN: 978-3-319-47364-2
eBook Packages: Engineering, Engineering (R0)