HTTP attack detection using n-gram analysis
Authors
Abstract
HTTP Attack Detection using N-gram Analysis, by Adityaram Oza.

Previous research has shown that byte-level analysis of HTTP traffic offers a practical solution to the problem of network intrusion detection and traffic analysis. Such an approach does not require any knowledge of applications running on web servers or any pre-processing of incoming data. In this project, we apply three n-gram-based techniques to the problem of HTTP attack detection. The goal of such techniques is to provide a first line of defense by filtering out the vast majority of benign HTTP traffic. We analyze our techniques in terms of accuracy of attack detection and performance. We show that our techniques provide more accurate detection and are more efficient in comparison to a previously analyzed HMM-based technique.
Similar resources
Lightweight Phishing URLs Detection Using N-gram Features
Phishing is a kind of attack that belongs to social engineering and this attack seeks to trick people in order to let them reveal their confidential information. Several methods are introduced to detect phishing websites by using different types of features. Unfortunately, these techniques implemented for specific attack vector such as detecting phishing emails which make implementing wide scop...
Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach
Application Layer Distributed Denial of Service (App-DDoS) attack has become a major threat to web security. Attack detection is difficult as they mimic genuine user request. This paper proposes a clustering based correlation approach for detecting application layer DDoS attack on HTTP protocol. Proposed approach has two main modules: Flow monitoring module and User behavior monitoring modul...
Anagram: A Content Anomaly Detector Resistant to Mimicry Attack
In this paper, we present Anagram, a content anomaly detector that models a mixture of high-order n-grams (n > 1) designed to detect anomalous and “suspicious” network packet payloads. By using higher-order n-grams, Anagram can detect significant anomalous byte sequences and generate robust signatures of validated malicious packet content. The Anagram content models are implemented using highly...
F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
Security Evaluation of Pattern Classifier against Phishing URL Detection
Pattern classification is a branch of machine learning that focuses on recognition of patterns and regularities in data. In adversarial applications like biometric authentication, spam filtering, network intrusion detection the pattern classification systems are used. Extending pattern classification theory and design methods to adversarial environment is thus a novel and very relevant resear...
Journal title:
- Computers & Security
Volume 45 Issue
Pages -
Publication date 2014