
A framework for detecting anomalies in HTTP traffic using instance-based learning and k-nearest neighbor classification


1 Author(s)
Kirchner, M. ; Dept. Secure Inf. Syst., Upper Austria Univ. of Appl. Sci., Hagenberg, Austria

Attacks against web applications and web-based services that use HTTP as a communication protocol pose a serious threat to today's information technology infrastructures. A common countermeasure is to apply misuse detection and prevention systems that compare the contents of HTTP traffic against signatures of known attacks, as web application firewalls do, for example. A serious drawback of these systems is that the signatures used are often not tailored to the individual web applications to be protected. Furthermore, signatures can often be circumvented by rewriting attacks into different forms, resulting in successful exploitation and circumvention of a misuse detection or prevention system. This paper presents the design and implementation of an anomaly detection framework for HTTP traffic that operates without signatures of known attacks. Instead, it learns normal usage patterns of web-based applications by inspecting full HTTP request and response contents. The results are then used for anomaly detection. The framework automatically adjusts to the applications to be monitored, derives normal usage patterns and compares subsequent HTTP traffic to the built knowledge base.

Published in:

Security and Communication Networks (IWSCN), 2010 2nd International Workshop on

Date of Conference:

26-28 May 2010
