Application attack detection system (AADS): An anomaly based behavior analysis approach

Ram Prasad Viswanathan; Youssif Al-Nashif; Salim Hariri

doi:10.1109/AICCSA.2011.6126606

Application attack detection system (AADS): An anomaly based behavior analysis approach

Ram Prasad Viswanathan, Youssif Al-Nashif, Salim Hariri

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Network security, especially application layer security has gained importance with the rapid growth of web-based applications. Anomaly based approaches that profile the network traffic and look for abnormalities are effective against zero-day attacks. The complex nature of the web traffic, availability of multiple applications, privacy concerns and its own limitations make the development of such anomaly-based systems difficult. This paper proposes a framework for application layer anomaly detection. The framework uses a multiple model approach to detect anomalies. The framework encompasses a dedicated training phase to model the specific network traffic and a detection phase that can be deployed in real time. The framework has been applied to HTTP application traffic and multiple models have been developed. The experimental evaluation results of the AADS using multiple attack vectors have achieved a detection rate of almost 100%. In addition, the AADS has a false positive rate of 0.03%.

Original language	English (US)
Title of host publication	Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011
Pages	150-156
Number of pages	7
DOIs	https://doi.org/10.1109/AICCSA.2011.6126606
State	Published - 2011
Event	9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011 - Sharm El-Sheikh, Egypt Duration: Dec 27 2011 → Dec 30 2011

Publication series

Name	Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
ISSN (Print)	2161-5322
ISSN (Electronic)	2161-5330

Other

Other	9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011
Country	Egypt
City	Sharm El-Sheikh
Period	12/27/11 → 12/30/11

Keywords

HTTP
anomaly
framework
multiple models
segregation

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture
Signal Processing
Control and Systems Engineering
Electrical and Electronic Engineering

Access to Document

10.1109/AICCSA.2011.6126606

Fingerprint Dive into the research topics of 'Application attack detection system (AADS): An anomaly based behavior analysis approach'. Together they form a unique fingerprint.

Cite this

Viswanathan, R. P., Al-Nashif, Y., & Hariri, S. (2011). Application attack detection system (AADS): An anomaly based behavior analysis approach. In Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011 (pp. 150-156). [6126606] (Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA). https://doi.org/10.1109/AICCSA.2011.6126606

Application attack detection system (AADS) : An anomaly based behavior analysis approach. / Viswanathan, Ram Prasad; Al-Nashif, Youssif; Hariri, Salim.

Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011. 2011. p. 150-156 6126606 (Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Viswanathan, RP, Al-Nashif, Y & Hariri, S 2011, Application attack detection system (AADS): An anomaly based behavior analysis approach. in Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011., 6126606, Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA, pp. 150-156, 9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011, Sharm El-Sheikh, Egypt, 12/27/11. https://doi.org/10.1109/AICCSA.2011.6126606

Viswanathan RP, Al-Nashif Y, Hariri S. Application attack detection system (AADS): An anomaly based behavior analysis approach. In Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011. 2011. p. 150-156. 6126606. (Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA). https://doi.org/10.1109/AICCSA.2011.6126606

Viswanathan, Ram Prasad ; Al-Nashif, Youssif ; Hariri, Salim. / Application attack detection system (AADS) : An anomaly based behavior analysis approach. Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011. 2011. pp. 150-156 (Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA).

@inproceedings{c13d0b8ffe6b429b8083577bc1c9cfd5,

title = "Application attack detection system (AADS): An anomaly based behavior analysis approach",

abstract = "Network security, especially application layer security has gained importance with the rapid growth of web-based applications. Anomaly based approaches that profile the network traffic and look for abnormalities are effective against zero-day attacks. The complex nature of the web traffic, availability of multiple applications, privacy concerns and its own limitations make the development of such anomaly-based systems difficult. This paper proposes a framework for application layer anomaly detection. The framework uses a multiple model approach to detect anomalies. The framework encompasses a dedicated training phase to model the specific network traffic and a detection phase that can be deployed in real time. The framework has been applied to HTTP application traffic and multiple models have been developed. The experimental evaluation results of the AADS using multiple attack vectors have achieved a detection rate of almost 100%. In addition, the AADS has a false positive rate of 0.03%.",

keywords = "HTTP, anomaly, framework, multiple models, segregation",

author = "Viswanathan, {Ram Prasad} and Youssif Al-Nashif and Salim Hariri",

note = "Copyright: Copyright 2012 Elsevier B.V., All rights reserved.; 9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011 ; Conference date: 27-12-2011 Through 30-12-2011",

year = "2011",

doi = "10.1109/AICCSA.2011.6126606",

language = "English (US)",

isbn = "9781457704741",

series = "Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA",

pages = "150--156",

booktitle = "Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011",

}

TY - GEN

T1 - Application attack detection system (AADS)

T2 - 9th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2011

AU - Viswanathan, Ram Prasad

AU - Al-Nashif, Youssif

AU - Hariri, Salim

PY - 2011

Y1 - 2011

N2 - Network security, especially application layer security has gained importance with the rapid growth of web-based applications. Anomaly based approaches that profile the network traffic and look for abnormalities are effective against zero-day attacks. The complex nature of the web traffic, availability of multiple applications, privacy concerns and its own limitations make the development of such anomaly-based systems difficult. This paper proposes a framework for application layer anomaly detection. The framework uses a multiple model approach to detect anomalies. The framework encompasses a dedicated training phase to model the specific network traffic and a detection phase that can be deployed in real time. The framework has been applied to HTTP application traffic and multiple models have been developed. The experimental evaluation results of the AADS using multiple attack vectors have achieved a detection rate of almost 100%. In addition, the AADS has a false positive rate of 0.03%.

AB - Network security, especially application layer security has gained importance with the rapid growth of web-based applications. Anomaly based approaches that profile the network traffic and look for abnormalities are effective against zero-day attacks. The complex nature of the web traffic, availability of multiple applications, privacy concerns and its own limitations make the development of such anomaly-based systems difficult. This paper proposes a framework for application layer anomaly detection. The framework uses a multiple model approach to detect anomalies. The framework encompasses a dedicated training phase to model the specific network traffic and a detection phase that can be deployed in real time. The framework has been applied to HTTP application traffic and multiple models have been developed. The experimental evaluation results of the AADS using multiple attack vectors have achieved a detection rate of almost 100%. In addition, the AADS has a false positive rate of 0.03%.

KW - HTTP

KW - anomaly

KW - framework

KW - multiple models

KW - segregation

UR - http://www.scopus.com/inward/record.url?scp=84857698681&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84857698681&partnerID=8YFLogxK

U2 - 10.1109/AICCSA.2011.6126606

DO - 10.1109/AICCSA.2011.6126606

M3 - Conference contribution

AN - SCOPUS:84857698681

SN - 9781457704741

T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA

SP - 150

EP - 156

BT - Proceedings of the 2011 9th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2011

Y2 - 27 December 2011 through 30 December 2011

ER -