Detecting Application-Layer Attacks Based on Hidden Semi-Markov Models


Abstract:

This paper presents an application-layer attack detection method based on hidden semi-Markov models (HSMMs). The keywords of an application-layer protocol and their inter-arrival times are used as the observations, and an HSMM is used to describe the application-layer behaviour of a normal user of that protocol. The method is anomaly-based: it flags deviation from the learned normal profile rather than matching attack signatures, so in principle application-layer anomaly detection can identify known, unknown and novel attacks at the application layer. The experimental results show that the method identifies several application-layer attacks with high detection accuracy and a low false-positive rate.
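As an added illustration (not code from the paper or its authors), the following Python sketch shows the observation-and-scoring idea the abstract describes: each request becomes a (protocol keyword, inter-arrival time) pair, a model of normal sessions is trained on those pairs, and a session is flagged when its likelihood under the normal model falls below a threshold. It replaces the hidden semi-Markov model with a visible-state simplification (a first-order Markov chain over keywords plus an explicit, discretised inter-arrival-time distribution per keyword), so the state-duration idea is kept but there are no hidden states. The keyword vocabulary, the training sessions, the time buckets, the smoothing constant and the threshold margin are all constructed assumptions.

```python
"""Keyword + inter-arrival-time anomaly scoring for an application-layer protocol.

Added illustration, not the paper's code: a visible-state simplification of the
hidden semi-Markov approach. Keywords are observed directly; each keyword carries
an explicit (discretised) duration distribution. All sessions below are constructed.
"""
import math
from collections import Counter, defaultdict

START, END = "<s>", "</s>"
# Upper bounds (seconds) of the inter-arrival-time buckets; times >= 30 s fall in a fifth bucket.
BUCKET_EDGES = (0.1, 1.0, 5.0, 30.0)
N_BUCKETS = len(BUCKET_EDGES) + 1


def duration_bucket(seconds):
    """Discretise an inter-arrival time into one of N_BUCKETS duration symbols."""
    for i, edge in enumerate(BUCKET_EDGES):
        if seconds < edge:
            return i
    return N_BUCKETS - 1


class KeywordDurationModel:
    """Keyword transition probabilities plus a per-keyword duration distribution.

    Laplace smoothing (alpha) keeps the score of never-seen keywords, transitions and
    durations finite, so unknown activity is penalised instead of crashing the scorer.
    """

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.trans = defaultdict(Counter)   # keyword -> Counter of next keyword (incl. END)
        self.dur = defaultdict(Counter)     # keyword -> Counter of duration bucket
        self.keywords = set()
        self.threshold = None

    def fit(self, sessions, margin=0.5):
        """sessions: iterable of [(keyword, seconds_since_previous_request), ...]"""
        for session in sessions:
            prev = START
            for kw, dt in session:
                self.trans[prev][kw] += 1
                self.dur[kw][duration_bucket(dt)] += 1
                self.keywords.add(kw)
                prev = kw
            self.trans[prev][END] += 1
        # Threshold: the least likely training session minus a safety margin (assumed).
        self.threshold = min(self.score(s) for s in sessions) - margin
        return self

    def _log_trans(self, prev, kw):
        counts = self.trans.get(prev, Counter())      # .get avoids growing the defaultdict
        vocab = len(self.keywords) + 1                # every trained keyword plus END
        return math.log((counts[kw] + self.alpha) / (sum(counts.values()) + self.alpha * vocab))

    def _log_dur(self, kw, dt):
        counts = self.dur.get(kw, Counter())
        return math.log((counts[duration_bucket(dt)] + self.alpha)
                        / (sum(counts.values()) + self.alpha * N_BUCKETS))

    def score(self, session):
        """Mean log-likelihood per request; lower means less like normal behaviour."""
        logp, prev = 0.0, START
        for kw, dt in session:
            logp += self._log_trans(prev, kw) + self._log_dur(kw, dt)
            prev = kw
        logp += self._log_trans(prev, END)
        return logp / max(len(session), 1)

    def is_anomalous(self, session):
        return self.score(session) < self.threshold


# Constructed normal sessions: index -> login form -> credentials -> account page -> logout.
NORMAL_SESSIONS = [
    [("GET_index", 0.0), ("GET_login", 2.4), ("POST_login", 7.5), ("GET_account", 1.3), ("GET_logout", 25.0)],
    [("GET_index", 0.0), ("GET_login", 3.1), ("POST_login", 9.0), ("GET_account", 0.8),
     ("GET_account", 12.0), ("GET_logout", 40.0)],
    [("GET_index", 0.0), ("GET_login", 1.8), ("POST_login", 6.2), ("GET_account", 2.0), ("GET_logout", 18.0)],
    [("GET_index", 0.0), ("GET_login", 2.9), ("POST_login", 11.0), ("POST_login", 8.5),
     ("GET_account", 1.1), ("GET_logout", 22.0)],
]
TEST_NORMAL = [("GET_index", 0.0), ("GET_login", 2.2), ("POST_login", 8.0), ("GET_account", 1.5), ("GET_logout", 30.0)]
# Constructed attacks: rapid-fire password guessing, and a scan for a path no normal user requests.
CREDENTIAL_STUFFING = [("GET_index", 0.0), ("GET_login", 2.0)] + [("POST_login", 0.05)] * 20
PATH_SCAN = [("GET_index", 0.0)] + [("GET_admin", 0.2)] * 10


def build_model():
    return KeywordDurationModel().fit(NORMAL_SESSIONS)


if __name__ == "__main__":
    model = build_model()
    for name, session in (("normal", TEST_NORMAL), ("credential stuffing", CREDENTIAL_STUFFING),
                          ("path scan", PATH_SCAN)):
        print(f"{name:20s} score={model.score(session):7.3f} anomalous={model.is_anomalous(session)}")
```

The credential-stuffing session is caught on both observation channels: the repeated POST_login transition is rare in training and the 50 ms inter-arrival bucket was never seen for that keyword. The path scan is caught because the unknown keyword gets only the smoothed residual probability on every transition and duration. A real deployment would learn the threshold from a held-out set of normal sessions rather than from the training minimum, and would score requests incrementally so that a flood is flagged before the session ends.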


Info:

Pages: 923-927

Online since: September 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved

References:

[1] Bilge L, Dumitraș T. Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World. Proceedings of the 2012 ACM Conference on Computer and Communications Security, 2012, pp. 833-844.

DOI: 10.1145/2382196.2382284

[2] Yu S Z. Hidden Semi-Markov Models. Artificial Intelligence, 2010, Vol. 174, No. 2, pp. 215-243.

DOI: 10.1016/j.artint.2009.11.011

[3] Rabiner L R. A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition. Proceedings of the IEEE, 1989, Vol. 77, No. 2, pp. 257-286.

DOI: 10.1109/5.18626

[4] Kruegel C, Vigna G, Robertson W. A Multi-model Approach to the Detection of Web-based Attacks. Computer Networks, 2005, Vol. 48, No. 5, pp. 717-738.

DOI: 10.1016/j.comnet.2005.01.009

[5] Kruegel C, Vigna G. Anomaly Detection of Web-based Attacks. Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003, pp. 251-261.

DOI: 10.1145/948109.948144

[6] Wang K, Stolfo S J. Anomalous Payload-Based Network Intrusion Detection. Proceedings of the Seventh International Symposium on Recent Advances in Intrusion Detection (RAID 2004), 2004, pp. 203-222.

DOI: 10.1007/978-3-540-30143-1_11

[7] Perdisci R, Ariu D, Fogla P, Giacinto G, Lee W. McPAD: A Multiple Classifier System for Accurate Payload-based Anomaly Detection. Computer Networks, 2009, Vol. 53, No. 6, pp. 864-881.

DOI: 10.1016/j.comnet.2008.11.011

[8] Mahoney M V, Chan P K. Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks. Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2002, pp. 376-385.

DOI: 10.1145/775047.775102

[9] Beitollahi H, Deconinck G. Tackling Application-layer DDoS Attacks. Procedia Computer Science, 2012, Vol. 10, pp. 432-441.

DOI: 10.1016/j.procs.2012.06.056

[10] Yu S Z, Kobayashi H. An Efficient Forward-Backward Algorithm for an Explicit-Duration Hidden Markov Model. IEEE Signal Processing Letters, 2003, Vol. 10, No. 1, pp. 11-14.

DOI: 10.1109/lsp.2002.806705

[11] Mahoney M V, Chan P K. An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. Recent Advances in Intrusion Detection (RAID 2003), Lecture Notes in Computer Science, 2003, pp. 220-237.

DOI: 10.1007/978-3-540-45248-5_13

[12] Thakare MSP, Chandurkar MP. Computer Attacks and Intrusion Detection System: A Need Review. International Journal of Computer Science and Applications, 2013, Vol. 6, No. 2, pp. 425-436.