Conference topic

Anomalous payload detection system using analysis of frequent sequential pattern

We present a new framework for an anomalous payload detection system. First, frequent sequential patterns (FSPs) are mined from raw traffic payloads. By setting different supports, we obtain several levels of description of the normal payload. We extract the features of each FSP using the n-gram technique, which gives deeper insight into the data flow. By using an advanced clustering method to perform feature reduction, we obtain a compact representative dataset that can be used directly by an intelligent system. A one-class SVM classifier is used to construct each detector, and an ensemble method is used to further improve the performance of the system. Experimental results show that our anomalous payload detection system can effectively detect the mimicry attack and other stealthy exploits.

Jun Ma, GuanZhong Dai, Jing Zhou

Northwestern Polytechnical University, XiAn, ShaanXi Province, China

International conference

The Fifth International Conference on Information Assurance and Security

Xi'an

English

75-78

2009-08-18 (date first made available online on the Wanfang platform; this is not the paper's publication date)