By Topic

Anomaly Detection for Application Level Network Attacks Using Payload Keywords

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Like Zhang ; Dept. of Comput. Sci., Texas Univ., San Antonio, TX ; White, Gregory B.

Network anomaly intrusion detection is designed to provide in-depth defense against zero-day attacks. However, attacks often occur at the application level, which means they are payload associated. Since traditional anomaly detection works by monitoring packet headers it provides little support for defending against such activities. In this paper, we will explore how the packet payload can be used for identifying application level attacks. First we will discuss the current status of network anomaly detection, and emphasize the importance of payload based detection research using existing problems. Then we provide a brief introduction to several related approaches on this topic. Based on the discussion, an efficient method to detect payload related attacks will then be proposed. The method is divided into a training phase and a detection phase. In the training phase, we will perform principal component analysis (PCA) on several important packet fields to reduce the data dimension, and then construct the most appropriate profile based on the PCA results. In the detection phase, an anomaly score will be assigned to each incoming packet based on the profile. We then present the experiment based on the DARPA '99 dataset with details to explain our approach. Comparison with other similar mechanisms demonstrates the advantage of the proposed method at identifying payload related attacks.

Published in:

Computational Intelligence in Security and Defense Applications, 2007. CISDA 2007. IEEE Symposium on

Date of Conference:

1-5 April 2007