• DocumentCode
    3757113
  • Title

    Adapting an Ensemble of One-Class Classifiers for a Web-Layer Anomaly Detection System

  • Author

    Rafal Kozik;Michal Choras

  • Author_Institution
    Inst. of Telecommun. &
  • fYear
    2015
  • Firstpage
    724
  • Lastpage
    729
  • Abstract
    The problem of web-layer security has recently become an important research topic. This happens due to the fact that it is relatively easier to identify an exploit in a vulnerable web page than in the operating system or a web-server, for instance. Therefore, these have become a common element in many attack vectors. In this paper we propose a machine-learning web-layer anomaly detection system that adapts a packet segmentation mechanism and an ensemble of one-class classifiers. In our approach we particularly focus on packet structure analysis, classifiers hybridisation, and the problem of data imbalance. Our experiments conducted on a publicly available benchmark database show that the proposed technique allows us to achieve better results than a classical approach using payload statistics.
  • Keywords
    "Security","Feature extraction","Web servers","Color","Payloads","Protocols"
  • Publisher
    ieee
  • Conference_Titel
    P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2015 10th International Conference on
  • Type

    conf

  • DOI
    10.1109/3PGCIC.2015.88
  • Filename
    7424657