An improved payload-based anomaly detector for web applications

Payload-based anomaly detection can find out the malicious behavior hidden in network packets rather efficiently. It is quite suitable for securing web applications, which are used widely and a major concern of cyber security nowadays. Our research is based on McPAD. We argue that the assumption about the probability distribution of features in outlier class is not appropriate and figure out a more suitable distribution by analyzing the common types of web attacks. Furthermore, we propose a new mapping algorithm for dimensionality reduction in order to improve the performance of the original one. Finally, we try to speed up the training process without significantly affect the detection performance. The experimental results show that the training time can be reduced by an average of 24.75%.