Rangegram: A novel payload based anomaly detection technique against web traffic
Authors: Mayank Swarnkar, N. Hubballi
Published in: 2015 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), December 2015
DOI: 10.1109/ANTS.2015.7413635 (https://doi.org/10.1109/ANTS.2015.7413635)
Citation count (Semantic Scholar): 10
Application-specific intrusion detection methods are used to detect network intrusions targeted at applications. Such detection methods normally require payload or packet-content analysis. One of the prominent methods of payload modeling and analysis is sequence or n-gram modeling: the n-grams generated from a packet are compared with a database of n-grams seen during the training phase, and depending on the number of n-grams found or not found in the packet, it is labeled either as normal or anomalous. Previous methods use either the presence or absence of an n-gram in the training dataset or the frequency of its occurrence across the entire training dataset, which results in many false positives and false negatives. In this paper we propose a novel payload analysis technique for the detection of zero-day attacks against web traffic. We consider the minimum and maximum occurrence frequency of a particular n-gram in a packet over the training dataset, and detect anomalies as deviations from this range. Experiments on a large dataset have shown a good detection rate with low false positives.
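The range-based idea in the abstract, as an added illustration that is not the paper's code: for every byte n-gram, training records the minimum and maximum number of times it occurs within a single packet; at detection time, an n-gram whose per-packet count falls outside that range is a deviation. The abstract does not fix n, the normalisation, the handling of unseen n-grams or the scoring rule, so the byte trigrams, raw per-packet counts, occurrence-weighted score, unseen-as-deviation rule and 0.2 threshold below are assumptions of this example, and the HTTP request payloads are constructed.

```python
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

# Hypothetical rangegram-style model written for this page. The paper's exact
# n, normalisation and scoring rule are not given in the abstract, so byte
# trigrams, per-packet raw counts, an occurrence-weighted score and a fixed
# threshold are assumptions of this example.
N = 3
Range = Tuple[int, int]


def ngram_counts(payload: bytes, n: int = N) -> Counter:
    """Per-packet occurrence count of every byte n-gram in one payload."""
    return Counter(payload[i:i + n] for i in range(len(payload) - n + 1))


def train_ranges(payloads: Iterable[bytes], n: int = N) -> Dict[bytes, Range]:
    """Rangegram model: for every n-gram seen in training, the minimum and
    maximum per-packet count observed across the packets that contain it."""
    ranges: Dict[bytes, Range] = {}
    for payload in payloads:
        for gram, count in ngram_counts(payload, n).items():
            lo, hi = ranges.get(gram, (count, count))
            ranges[gram] = (min(lo, count), max(hi, count))
    return ranges


def deviations(payload: bytes, ranges: Dict[bytes, Range], n: int = N
               ) -> Dict[bytes, Tuple[int, Optional[Range]]]:
    """n-grams of the packet whose per-packet count lies outside the trained
    [min, max] range, mapped to (observed count, trained range). n-grams never
    seen in training are reported with range None; treating them as
    deviations is an assumption of this example."""
    out: Dict[bytes, Tuple[int, Optional[Range]]] = {}
    for gram, count in ngram_counts(payload, n).items():
        rng = ranges.get(gram)
        if rng is None or count < rng[0] or count > rng[1]:
            out[gram] = (count, rng)
    return out


def deviation_score(payload: bytes, ranges: Dict[bytes, Range], n: int = N) -> float:
    """Fraction of the packet's n-gram occurrences that deviate from the model.
    Weighting by occurrence rather than by distinct n-gram makes a payload
    padded with a few heavily repeated n-grams score high."""
    total = max(len(payload) - n + 1, 0)
    if total == 0:
        return 0.0
    bad = sum(count for count, _ in deviations(payload, ranges, n).values())
    return bad / total


def is_anomalous(payload: bytes, ranges: Dict[bytes, Range],
                 threshold: float = 0.2, n: int = N) -> bool:
    """Label a packet anomalous when its deviation score exceeds the threshold
    (0.2 is an assumed cut-off; tune it on held-out normal traffic)."""
    return deviation_score(payload, ranges, n) > threshold


# Constructed training payloads standing in for normal HTTP request traffic.
TRAINING = [
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    b"GET /contact.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: example.com\r\n\r\n",
    b"GET /list?id=1&id=2 HTTP/1.1\r\nHost: example.com\r\n\r\n",      # b"id=" twice
    b"GET /list?id=1&id=2&id=3 HTTP/1.1\r\nHost: example.com\r\n\r\n", # b"id=" three times
]
MODEL = train_ranges(TRAINING)

# Constructed test payloads.
NORMAL = b"GET /content.html HTTP/1.1\r\nHost: example.com\r\n\r\n"   # unseen path, same shape
LOW = b"GET /list?id=1 HTTP/1.1\r\nHost: example.com\r\n\r\n"        # b"id=" once: below trained min
REPEATED = (b"GET /index.html HTTP/1.1\r\n"
            + b"Host: example.com\r\n" * 6 + b"\r\n")                # header n-grams far above trained max

if __name__ == "__main__":
    for name, pkt in [("normal", NORMAL), ("low", LOW), ("repeated", REPEATED)]:
        print(name, round(deviation_score(pkt, MODEL), 3), is_anomalous(pkt, MODEL))
```

The `deviations` output is what an analyst would want next to the verdict: for `LOW` it shows `b"id="` observed once against a trained range of (2, 3), and for `REPEATED` it shows header trigrams observed six times against (1, 1), which a presence/absence model would never flag because every n-gram in that packet was seen in training.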