An improved payload-based anomaly detector for web applications

Cited by: 8
Authors
Jin, Xiaohui [1 ,2 ]
Cui, Baojiang [1 ,2 ]
Li, Dong [3 ]
Cheng, Zishuai [1 ,2 ]
Yin, Congxin [1 ,2 ]
Affiliations
[1] Beijing Univ Posts & Telecommun, Sch Cyberspace Secur, Xitucheng Rd 10th, Beijing 100876, Peoples R China
[2] Natl Engn Lab Mobile Network Technol, Beijing, Peoples R China
[3] Inst China Gen Technol, Beijing, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Payload-based; Anomaly detection; Web applications; SYSTEM;
DOI
10.1016/j.jnca.2018.01.002
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
Payload-based anomaly detection can find malicious behavior hidden in network packets rather efficiently. It is quite suitable for securing web applications, which are widely used and are a major concern of cyber security nowadays. Our research is based on McPAD. We argue that the assumption about the probability distribution of features in the outlier class is not appropriate, and we figure out a more suitable distribution by analyzing the common types of web attacks. Furthermore, we propose a new mapping algorithm for dimensionality reduction in order to improve the performance of the original one. Finally, we try to speed up the training process without significantly affecting the detection performance. The experimental results show that the training time can be reduced by an average of 24.75%.
Pages: 111 - 116
Page count: 6
Related papers
50 in total
  • [1] PU Learning in Payload-based Web Anomaly Detection
    Luo, Yuxuan
    Cheng, Shaoyin
    Liu, Chong
    Jiang, Fan
    [J]. 2018 THIRD INTERNATIONAL CONFERENCE ON SECURITY OF SMART CITIES, INDUSTRIAL CONTROL SYSTEM AND COMMUNICATIONS (SSIC), 2018
  • [2] Attentional Payload Anomaly Detector for Web Applications
    Qin, Zhi-Quan
    Ma, Xing-Kong
    Wang, Yong-Jun
    [J]. NEURAL INFORMATION PROCESSING (ICONIP 2018), PT IV, 2018, 11304 : 588 - 599
  • [3] Payload-based anomaly detection using KPCA
    Jia, Libin
    Ma, Jun
    Li, Lin
    [J]. PROCEEDINGS OF 2009 INTERNATIONAL CONFERENCE OF MANAGEMENT ENGINEERING AND INFORMATION TECHNOLOGY, VOLS 1 AND 2, 2009 : 566 - 569
  • [4] CapBad: Content-Agnostic, Payload-Based Anomaly Detector for Industrial Control Protocols
    Cai, Jun
    Wang, Qi
    Luo, Jianzhen
    Liu, Yan
    Liao, Liping
    [J]. IEEE INTERNET OF THINGS JOURNAL, 2021, 9 (14) : 12542 - 12554
  • [5] McPAD: A multiple classifier system for accurate payload-based anomaly detection
    Perdisci, Roberto
    Ariu, Davide
    Fogla, Prahlad
    Giacinto, Giorgio
    Lee, Wenke
    [J]. COMPUTER NETWORKS, 2009, 53 (06) : 864 - 881
  • [6] Effective Dimensionality Reduction of Payload-Based Anomaly Detection in TMAD Model for HTTP Payload
    Kakavand, Mohsen
    Mustapha, Norwati
    Mustapha, Aida
    Abdullah, Mohd Taufik
    [J]. KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2016, 10 (08) : 3884 - 3910
  • [7] Applying Feature Selection to Payload-Based Web Application Firewalls
    Torrano-Gimenez, Carmen
    Hai Thanh Nguyen
    Alvarez, Gonzalo
    Petrovic, Slobodan
    Franke, Katrin
    [J]. PROCEEDINGS OF THE 2011 3RD INTERNATIONAL WORKSHOP ON SECURITY AND COMMUNICATION NETWORKS (IWSCN 2011), 2011 : 75 - 81
  • [8] Payload-Based Web Attack Detection Using Deep Neural Network
    Jin, Xiaohui
    Cui, Baojiang
    Yang, Jun
    Cheng, Zishuai
    [J]. ADVANCES ON BROAD-BAND WIRELESS COMPUTING, COMMUNICATION AND APPLICATIONS, BWCCA-2017, 2018, 12 : 482 - 488
  • [9] POCAD: a Novel Payload-based One-Class Classifier for Anomaly Detection
    Xuan Nam Nguyen
    Dai Tho Nguyen
    Long Hai Vu
    [J]. 2016 3RD NATIONAL FOUNDATION FOR SCIENCE AND TECHNOLOGY DEVELOPMENT CONFERENCE ON INFORMATION AND COMPUTER SCIENCE (NICS), 2016 : 74 - 79
  • [10] Payload-Based Packet Classification and Its Applications in Packet Forwarding Pipeline
    Seridi, Mohammed Fekhreddine
    [J]. NEW TRENDS IN DATABASES AND INFORMATION SYSTEMS, ADBIS 2018, 2018, 909 : 402 - 412