Using artificial packets for training network payload anomaly detection systems

Attacks on web servers are becoming increasingly prevalent, and the social and economic impact of a successful attack is also increasing. Many attack detection and prevention schemes already exist, but they must be carefully configured and used together to provide the highest level of protection possible. To this end, we must continue to analyze existing techniques and develop new methods for practical deployment and implementation. In this paper, we present a study on using artificially formed network packets to aid in tuning payload anomaly detection when real collected traffic may not be available for continuous updates, especially as concept drift occurs. Our results show that the method has potential for use with certain systems, where high detection rates can be achieved while maintaining low false positive rates.
