The HTTP Content Segmentation Method Combined with AdaBoost Classifier for Web-Layer Anomaly Detection System

In this paper we propose modifications to our machine-learning web-layer anomaly detection system that adapts an HTTP content mechanism. In particular, we introduce a more effective packet segmentation mechanism, adapt the AdaBoost classifier, and present results on a more challenging dataset. We also compare our approach with other techniques and report the results of our experiments.
