Title :
Application-layer anomaly detection based on application-layer protocols' keywords
Author :
Bailin Xie ; Qiansheng Zhang
Author_Institution :
Cisco Sch. of Inf., Guangdong Univ. of Foreign Studies, Guangzhou, China
Abstract :
Nowadays most network-based attacks are based on application-layer protocols and don't present a significant difference in network traffic. Observed from the network layer and transport layer, these attacks may not contain significant malicious activities or generate abnormal network traffic. So it is difficult for existing methods to effectively detect such application-layer attacks without special techniques. In theory, application-layer anomaly detection can detect the known, unknown and novel attacks that happen at the application layer; therefore, research on application-layer anomaly detection is very important. This paper presents an application-layer anomaly detection method based on application-layer protocols' keywords. In this method, the keywords of an application-layer protocol and their inter-arrival times are used as the observations, and a hidden semi-Markov model is used to describe the behavior of a normal user who is using the application-layer protocol. The experimental results show that this method has high detection accuracy and a low false positive ratio.
Keywords :
computer network security; hidden Markov models; transport protocols; abnormal network traffic; application-layer anomaly detection; application-layer attacks; application-layer protocol keywords; hidden semiMarkov model; interarrival times; anomaly detection; application-layer; hidden semi-Markov model; protocols' keywords
Conference_Title :
Computer Science and Network Technology (ICCSNT), 2012 2nd International Conference on
Conference_Location :
Changchun
Print_ISBN :
978-1-4673-2963-7
DOI :
10.1109/ICCSNT.2012.6526339