Application attack detection system (AADS): An anomaly based behavior analysis approach

Ram Prasad Viswanathan, Youssif Al-Nashif, Salim Hariri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Network security, especially application layer security has gained importance with the rapid growth of web-based applications. Anomaly based approaches that profile the network traffic and look for abnormalities are effective against zero-day attacks. The complex nature of the web traffic, availability of multiple applications, privacy concerns and its own limitations make the development of such anomaly-based systems difficult. This paper proposes a framework for application layer anomaly detection. The framework uses a multiple model approach to detect anomalies. The framework encompasses a dedicated training phase to model the specific network traffic and a detection phase that can be deployed in real time. The framework has been applied to HTTP application traffic and multiple models have been developed. The experimental evaluation results of the AADS using multiple attack vectors have achieved a detection rate of almost 100%. In addition, the AADS has a false positive rate of 0.03%.

Original languageEnglish (US)
Title of host publicationProceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011
Pages150-156
Number of pages7
DOIs
StatePublished - Dec 1 2011
Event9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011 - Sharm El-Sheikh, Egypt
Duration: Dec 27 2011Dec 30 2011

Publication series

NameProceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
ISSN (Print)2161-5322
ISSN (Electronic)2161-5330

Other

Other9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011
CountryEgypt
CitySharm El-Sheikh
Period12/27/1112/30/11

Keywords

  • HTTP
  • anomaly
  • framework
  • multiple models
  • segregation

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Application attack detection system (AADS): An anomaly based behavior analysis approach'. Together they form a unique fingerprint.

  • Cite this

    Viswanathan, R. P., Al-Nashif, Y., & Hariri, S. (2011). Application attack detection system (AADS): An anomaly based behavior analysis approach. In Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011 (pp. 150-156). [6126606] (Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA). https://doi.org/10.1109/AICCSA.2011.6126606