Title :
Anomalous Payload Detection System Using Analysis of Frequent Sequential Pattern
Author :
Ma, Jun ; Dai, Guanzhong ; Zhou, Jing
Author_Institution :
Northwestern Polytech. Univ., Xi'an, China
Abstract :
We present a new framework for an anomalous payload detection system. First of all, frequent sequential patterns (FSPs) are mined from raw traffic payloads. By setting different supports, we obtain several levels of description of normal payload. We extract each FSP feature using the n-gram technique, and thus gain deeper insight into the data flow. By using an advanced clustering method to perform the feature reduction, we obtain a compact representative dataset which can be used directly by an intelligent system. A one-class SVM classifier is used to construct each detector, and an ensemble method is used to further improve the performance of the system. Experimental results show that our anomalous payload detection system can effectively detect the mimicry attack and other stealthy exploits.
Keywords :
data mining; data reduction; feature extraction; pattern classification; pattern clustering; support vector machines; telecommunication security; telecommunication traffic; anomalous traffic payload detection system; compact representative dataset; data flow; ensemble method; feature reduction; frequent sequential pattern mining; intelligent system; mimicry attack detection; n-gram technique; one-class SVM classifier; pattern clustering; Clustering methods; Detectors; Feature extraction; Information analysis; Information security; Pattern analysis; Payloads; Support vector machines; Telecommunication traffic; Traffic control; Anomaly detection; SVM; frequent sequential patterns;
Conference_Title :
Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
Conference_Location :
Xian
Print_ISBN :
978-0-7695-3744-3
DOI :
10.1109/IAS.2009.34