TY - GEN
T1 - Application attack detection system (AADS)
T2 - 9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011
AU - Viswanathan, Ram Prasad
AU - Al-Nashif, Youssif
AU - Hariri, Salim
N1 - Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2011
Y1 - 2011
N2 - Network security, especially application layer security, has gained importance with the rapid growth of web-based applications. Anomaly-based approaches that profile the network traffic and look for abnormalities are effective against zero-day attacks. The complex nature of web traffic, the availability of multiple applications, privacy concerns and its own limitations make the development of such anomaly-based systems difficult. This paper proposes a framework for application layer anomaly detection. The framework uses a multiple-model approach to detect anomalies. It encompasses a dedicated training phase to model the specific network traffic and a detection phase that can be deployed in real time. The framework has been applied to HTTP application traffic, and multiple models have been developed. In experimental evaluation using multiple attack vectors, the AADS achieved a detection rate of almost 100%. In addition, the AADS has a false positive rate of 0.03%.
KW - HTTP
KW - anomaly
KW - framework
KW - multiple models
KW - segregation
UR - http://www.scopus.com/inward/record.url?scp=84857698681&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84857698681&partnerID=8YFLogxK
U2 - 10.1109/AICCSA.2011.6126606
DO - 10.1109/AICCSA.2011.6126606
M3 - Conference contribution
AN - SCOPUS:84857698681
SN - 9781457704741
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
SP - 150
EP - 156
BT - Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011
Y2 - 27 December 2011 through 30 December 2011
ER -