Title :
Comparative Analysis of HTTP Anomaly Detection Algorithms: DFA vs N-Grams
Author :
Lin, Li ; Leckie, Christopher ; Zhou, Chenfeng
Author_Institution :
Dept. of Comput. Sci. & Software Eng., Univ. of Melbourne, Melbourne, VIC, Australia
Abstract :
Anomaly detection techniques have the potential to secure web-based applications, although their high false positive rates and poor scalability prevent them from being deployed in practice. Most previous work has addressed part of this challenge by testing the effectiveness (accuracy) of HTTP anomaly detection algorithms, but has ignored their efficiency (or scalability). In this paper, we conduct an evaluation of the performance of anomaly detection algorithms in terms of both their accuracy and scalability. We conducted experiments for Deterministic Finite Automata (DFA) and N-Grams. The results suggest that both algorithms have limitations for practical usage, but DFA exhibit better performance than N-Grams. Several aspects of DFA are identified for further improvements.
Keywords :
Internet; deterministic automata; finite automata; hypermedia; security of data; HTTP anomaly detection algorithms; N-Grams; deterministic finite automata; web-based applications; Accuracy; Doped fiber amplifiers; Scalability; Servers; Testing; Training; Training data;
Conference_Titel :
Network and System Security (NSS), 2010 4th International Conference on
Conference_Location :
Melbourne, VIC
Print_ISBN :
978-1-4244-8484-3
Electronic_ISBN :
978-0-7695-4159-4
DOI :
10.1109/NSS.2010.49
