Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
6855533 | Expert Systems with Applications | 2016 | 10 Pages |
Abstract
We adapt one class Multinomial Naive Bayes classifier as anomaly detector for detecting HTTP attacks. OCPAD uses likelihood of each short sequence's occurrence in a payload of known non-malicious packets as a measure to derive the degree of maliciousness of a packet. In the training phase, OCPAD generates the likelihood range of each sequence's occurrence from every packet. In order to store the likelihood range of these sequences, we propose a novel and efficient data structure called ProbabilityâTree. In the testing phase, it treats a short sequence as anomalous if it is not found in the database or its likelihood of occurrence in a packet is not in the range found in training phase. Using the likelihood of anomalous short sequences, it generates a class label for a test packet. Our experiments with a large dataset of 1 million HTTP packets collected from an academic network revealed OCPAD has a high Detection Rate (up to 100%) compared to previous methods and acceptable rate of False Positives (less than 0.6%).
Keywords
Related Topics
Physical Sciences and Engineering
Computer Science
Artificial Intelligence
Authors
Mayank Swarnkar, Neminath Hubballi,