Intrusion detection using GSAD model for HTTP traffic on web services

Aruna Jamdagni*, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

17 Citations (Scopus)

Abstract

Intrusion detection systems are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. Hypertext Transport Protocol (HTTP) is used for new applications without much interference. In this paper, we focus on intrusion detection of HTTP traffic by applying pattern recognition techniques using our Geometrical Structure Anomaly Detection (GSAD) model. Experimental results reveal that features extracted from HTTP request using GSAD model can be used to distinguish anomalous traffic from normal traffic, and attacks carried out over HTTP traffic can be identified. We evaluate and compare our results with the results of PAYL intrusion detection systems for the test of DARPA 1999 IDS data set. The results show GSAD has high detection rates and low false positive rates.

Original languageEnglish
Title of host publicationIWCMC 2010 - Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Place of PublicationNew York
PublisherACM
Pages1193-1197
Number of pages5
ISBN (Print)9781450300629
DOIs
Publication statusPublished - 2010
Externally publishedYes
Event6th International Wireless Communications and Mobile Computing Conference, IWCMC 2010 - Caen, France
Duration: 28 Jun 20102 Jul 2010

Other

Other6th International Wireless Communications and Mobile Computing Conference, IWCMC 2010
CountryFrance
CityCaen
Period28/06/102/07/10

Keywords

  • Attack
  • GSAD model
  • HTTP
  • Intrusion detection
  • Payload

Fingerprint Dive into the research topics of 'Intrusion detection using GSAD model for HTTP traffic on web services'. Together they form a unique fingerprint.

Cite this