Neural Analysis of HTTP Traffic for Web Attack Detection

Hypertext Transfer Protocol (HTTP) is the cornerstone of information exchange over the World Wide Web, used by a huge variety of devices. As a result, a massive amount of information travels over this protocol on a daily basis. This makes it an appealing target for attackers, and the number of web attacks has increased over recent years. To address this, the present work proposes neural projection architectures to analyze HTTP traffic and detect attacks carried over the protocol. Through the advanced and intuitive visualization facilities that neural models provide, the proposed solution gives an overview of HTTP traffic and helps identify anomalous situations, responding to the challenges posed by the volume, dynamics and diversity of that traffic. The applied dimensionality reduction, based on neural networks, enables the most interesting projections of an HTTP traffic dataset to be extracted.
