
Evolutionary‐based packets classification for anomaly detection in web layer

Bibliographic Details
Published in: Security and communication networks 2016-10, Vol.9 (15), p.2901-2910
Main Authors: Kozik, Rafał; Choraś, Michał; Hołubowicz, Witold
Format: Article
Language: English
Description
Summary: In this paper, we propose a novel method for web layer anomaly detection. In contrast to the majority of other state of the art approaches, we do not adapt manually configured parsers or packet content type detection techniques to partition the request sent from clients to server. In our experiments, we showed that making certain assumptions about the request content types may lead to the degradation of the detection performance. Therefore, we proposed unsupervised algorithm for automated packet structure extraction. We formulate this as the optimisation problem that is solved by means of genetic algorithm. Moreover, on top of the request segmentation schema, we provide the set of algorithms that measure statistics and apply machine learning techniques to solve the classification problems. The effectiveness of our methods is proved by the results achieved on the extended benchmark database. Copyright © 2016 John Wiley & Sons, Ltd.
ISSN: 1939-0114, 1939-0122
DOI: 10.1002/sec.1549