
Compression-Based Anomaly Detection: Resistance to Dynamic Environment for Web Security in A Robust Manner

Jun Ma, Jianguo Yao

Abstract


Most anomaly detectors, designed under the assumption of a stationary data stream, show their limitations in handling the challenges posed by the highly dynamic character of Web traffic and by adversaries at the same time. As a consequence, the tasks of feature extraction and detector training should be adapted to the dynamic environment and be sensitive to malicious data. In this paper, we present a new, accurate Web anomaly detector built on a multidisciplinary combination of compression and a variational segment model. The intrinsic features of a request are obtained using compression-based probability estimation, and fine-grained structural analysis of the Web request is also guaranteed. We show that our anomaly detector is accurate in detecting Web attacks that bear some polymorphic fragments in requests, and that the false positive rate is very low in the dynamic Web environment.

Keywords


Anomaly detection; Compression; Web attack

Citation Format:
Jun Ma, Jianguo Yao, "Compression-Based Anomaly Detection: Resistance to Dynamic Environment for Web Security in A Robust Manner," Journal of Internet Technology, vol. 18, no. 3, pp. 509-520, May 2017.






Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Library and Information Center, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd. Shoufeng, Hualien 97401, Taiwan, R.O.C.
Tel: +886-3-931-7017  E-mail: jit.editorial@gmail.com