DocumentCode
1807520
Title
Anomalous Payload Detection System Using Analysis of Frequent Sequential Pattern
Author
Ma, Jun ; Dai, Guanzhong ; Zhou, Jing
Author_Institution
Northwestern Polytech. Univ., Xi'an, China
Volume
1
fYear
2009
fDate
18-20 Aug. 2009
Firstpage
75
Lastpage
78
Abstract
We present a new framework for an anomalous payload detection system. First of all, frequent sequential patterns (FSPs) are mined from raw traffic payloads. Setting different supports, we have several levels of description of normal payload. We extract each FSP feature using the n-gram technique. Thus we can have a deeper insight into the data flow. By using an advanced clustering method to fulfill the feature reduction, we obtain a compact representative dataset which can be used directly by an intelligent system. A one-class SVM classifier is used to construct each detector, and an ensemble method is used to further improve the performance of the system. Experimental results show that our anomalous payload detection system can effectively detect the mimicry attack and other stealthy exploits.
Keywords
data mining; data reduction; feature extraction; pattern classification; pattern clustering; support vector machines; telecommunication security; telecommunication traffic; anomalous traffic payload detection system; compact representative dataset; data flow; ensemble method; feature reduction; frequent sequential pattern mining; intelligent system; mimicry attack detection; n-gram technique; one-class SVM classifier; pattern clustering; Clustering methods; Detectors; Feature extraction; Information analysis; Information security; Pattern analysis; Payloads; Support vector machines; Telecommunication traffic; Traffic control; Anomaly detection; SVM; frequent sequential patterns;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
Conference_Location
Xian
Print_ISBN
978-0-7695-3744-3
Type
conf
DOI
10.1109/IAS.2009.34
Filename
5283418