A novel framework for active detection of HTTP based attacks

Liang Jie; Sun Jianwei; Hu Changzhen

doi:10.1007/978-3-642-21762-3_53

A novel framework for active detection of HTTP based attacks

Liang Jie^*, Sun Jianwei, Hu Changzhen

^*Corresponding author for this work

School of Cyberspace Science and Technology

Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Web application vulnerabilities represent a substantial portion of the security exposures of computer networks. Considering HTTP protocol is stateless, we explore the effectiveness of HTTP-session model to effectively describe http behavior. Based on the HTTP-session model and the analysis of http attack behavior, we present a novel framework to actively detect http attacks. Our method takes http requests as input and calculates anomalous probability for each session attribute and for the session as a whole as output. All the probabilities are weighted and summed up to produce final probability, and this probability is used to decide whether http session is attack or not. We demonstrate the effectiveness of the proposed methods via simulation studies using real-world web access logs. Experiments prove that our detection framework achieves high detection rates under very few false positives.

Original language	English
Title of host publication	Communication Systems and Information Technology - Selected Papers from the 2011 International Conference on Electric and Electronics, EEIC 2011
Pages	411-418
Number of pages	8
Edition	VOL. 4
DOIs	https://doi.org/10.1007/978-3-642-21762-3_53
Publication status	Published - 2011
Event	2011 International Conference on Electric and Electronics, EEIC 2011 - Nanchang, China Duration: 20 Jun 2011 → 22 Jun 2011

Publication series

Name	Lecture Notes in Electrical Engineering
Number	VOL. 4
Volume	100 LNEE
ISSN (Print)	1876-1100
ISSN (Electronic)	1876-1119

Conference

Conference	2011 International Conference on Electric and Electronics, EEIC 2011
Country/Territory	China
City	Nanchang
Period	20/06/11 → 22/06/11

Keywords

HTTP-session
anomaly detection
http attacks

Access to Document

10.1007/978-3-642-21762-3_53

Cite this

Jie, L., Jianwei, S., & Changzhen, H. (2011). A novel framework for active detection of HTTP based attacks. In Communication Systems and Information Technology - Selected Papers from the 2011 International Conference on Electric and Electronics, EEIC 2011 (VOL. 4 ed., pp. 411-418). (Lecture Notes in Electrical Engineering; Vol. 100 LNEE, No. VOL. 4). https://doi.org/10.1007/978-3-642-21762-3_53

@inproceedings{b0a7382562cb4cc395a2352233224d20,

title = "A novel framework for active detection of HTTP based attacks",

abstract = "Web application vulnerabilities represent a substantial portion of the security exposures of computer networks. Considering HTTP protocol is stateless, we explore the effectiveness of HTTP-session model to effectively describe http behavior. Based on the HTTP-session model and the analysis of http attack behavior, we present a novel framework to actively detect http attacks. Our method takes http requests as input and calculates anomalous probability for each session attribute and for the session as a whole as output. All the probabilities are weighted and summed up to produce final probability, and this probability is used to decide whether http session is attack or not. We demonstrate the effectiveness of the proposed methods via simulation studies using real-world web access logs. Experiments prove that our detection framework achieves high detection rates under very few false positives.",

keywords = "HTTP-session, anomaly detection, http attacks",

author = "Liang Jie and Sun Jianwei and Hu Changzhen",

year = "2011",

doi = "10.1007/978-3-642-21762-3_53",

language = "English",

isbn = "9783642217616",

series = "Lecture Notes in Electrical Engineering",

number = "VOL. 4",

pages = "411--418",

booktitle = "Communication Systems and Information Technology - Selected Papers from the 2011 International Conference on Electric and Electronics, EEIC 2011",

edition = "VOL. 4",

note = "2011 International Conference on Electric and Electronics, EEIC 2011 ; Conference date: 20-06-2011 Through 22-06-2011",

}

Jie, L, Jianwei, S & Changzhen, H 2011, A novel framework for active detection of HTTP based attacks. in Communication Systems and Information Technology - Selected Papers from the 2011 International Conference on Electric and Electronics, EEIC 2011. VOL. 4 edn, Lecture Notes in Electrical Engineering, no. VOL. 4, vol. 100 LNEE, pp. 411-418, 2011 International Conference on Electric and Electronics, EEIC 2011, Nanchang, China, 20/06/11. https://doi.org/10.1007/978-3-642-21762-3_53

A novel framework for active detection of HTTP based attacks. / Jie, Liang; Jianwei, Sun; Changzhen, Hu.
Communication Systems and Information Technology - Selected Papers from the 2011 International Conference on Electric and Electronics, EEIC 2011. VOL. 4. ed. 2011. p. 411-418 (Lecture Notes in Electrical Engineering; Vol. 100 LNEE, No. VOL. 4).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A novel framework for active detection of HTTP based attacks

AU - Jie, Liang

AU - Jianwei, Sun

AU - Changzhen, Hu

PY - 2011

Y1 - 2011

N2 - Web application vulnerabilities represent a substantial portion of the security exposures of computer networks. Considering HTTP protocol is stateless, we explore the effectiveness of HTTP-session model to effectively describe http behavior. Based on the HTTP-session model and the analysis of http attack behavior, we present a novel framework to actively detect http attacks. Our method takes http requests as input and calculates anomalous probability for each session attribute and for the session as a whole as output. All the probabilities are weighted and summed up to produce final probability, and this probability is used to decide whether http session is attack or not. We demonstrate the effectiveness of the proposed methods via simulation studies using real-world web access logs. Experiments prove that our detection framework achieves high detection rates under very few false positives.

AB - Web application vulnerabilities represent a substantial portion of the security exposures of computer networks. Considering HTTP protocol is stateless, we explore the effectiveness of HTTP-session model to effectively describe http behavior. Based on the HTTP-session model and the analysis of http attack behavior, we present a novel framework to actively detect http attacks. Our method takes http requests as input and calculates anomalous probability for each session attribute and for the session as a whole as output. All the probabilities are weighted and summed up to produce final probability, and this probability is used to decide whether http session is attack or not. We demonstrate the effectiveness of the proposed methods via simulation studies using real-world web access logs. Experiments prove that our detection framework achieves high detection rates under very few false positives.

KW - HTTP-session

KW - anomaly detection

KW - http attacks

UR - http://www.scopus.com/inward/record.url?scp=84856954964&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-21762-3_53

DO - 10.1007/978-3-642-21762-3_53

M3 - Conference contribution

AN - SCOPUS:84856954964

SN - 9783642217616

T3 - Lecture Notes in Electrical Engineering

SP - 411

EP - 418

BT - Communication Systems and Information Technology - Selected Papers from the 2011 International Conference on Electric and Electronics, EEIC 2011

T2 - 2011 International Conference on Electric and Electronics, EEIC 2011

Y2 - 20 June 2011 through 22 June 2011

ER -

A novel framework for active detection of HTTP based attacks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this