论文信息 - Patterns Extraction Method for Anomaly Detection in HTTP Traffic

Patterns Extraction Method for Anomaly Detection in HTTP Traffic

In this paper the new pattern extraction method for HTTP traffic anomaly detection is proposed. The method is based on innovative combination of (i) text segmentation technique—used to identify some common parts (tokens) of requests and (ii) statistical analysis—that captures the dynamic properties (variables) of data between tokens. In result, such approach allows to capture the structure of the message body received from the consecutive requests. Our experiments show that this technique allows for significant improvement of effectiveness when compared to other techniques that treat the message body as the whole. Another advantage is the fact that our tool does not need any prior knowledge about protocols and APIs that use HTTP as a transportation mean (e.g. RESTFull API, SOAP, etc.).

Michal Choras | Rafal Kozik | Rafal Renk | Witold Holubowicz

[1] PageKicker Robot Phil. OWASP Top 10: The Top 10 Most Critical Web Application Security Threats Enhanced with Text Analytics and Content by PageKicker Robot Phil 73 , 2014 .

[2] Michał Choraś,et al. Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection , 2014 .

[3] Alessandro Orso,et al. AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks , 2005, ASE.

[4] Fang Yu,et al. Stranger: An Automata-Based String Analysis Tool for PHP , 2010, TACAS.

[5] Michal Choras,et al. Evaluation of Various Techniques for SQL Injection Attack Detection , 2013, CORES.

[6] Lwin Khin Shar,et al. Predicting common web application vulnerabilities from input validation and sanitization code patterns , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[7] Christopher Krügel,et al. Service specific anomaly detection for network intrusion detection , 2002, SAC '02.

[8] Abraham Lempel,et al. A universal algorithm for sequential data compression , 1977, IEEE Trans. Inf. Theory.

[9] Michal Choras,et al. Correlation Approach for SQL Injection Attacks Detection , 2012, CISIS/ICEUTE/SOCO Special Sessions.

[10] Terry A. Welch,et al. A Technique for High-Performance Data Compression , 1984, Computer.