Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic

by Yingbo Song, Angelos D. Keromytis, Salvatore J. Stolfo
Citations: 21 - 3 self

BibTeX

@MISC{Song_spectrogram:a,
    author = {Yingbo Song and Angelos D. Keromytis and Salvatore J. Stolfo},
    title = {Spectrogram: A Mixture-of-Markov-Chains Model for Anomaly Detection in Web Traffic},
    year = {}
}

Abstract

We present Spectrogram, a machine learning based statistical anomaly detection (AD) sensor for defense against web-layer code-injection attacks. These attacks include PHP file inclusion, SQL-injection and cross-site scripting; memory-layer exploits such as buffer overflows are addressed as well. Statistical AD sensors offer the advantage of being driven by the data that is being protected and not by malcode samples captured in the wild. While models using higher order statistics can often improve accuracy, trade-offs with false-positive rates and model efficiency remain a limiting usability factor. This paper presents a new model and sensor framework that offers a favorable balance under this constraint and demonstrates improvement over some existing approaches. Spectrogram is a network situated sensor that dynamically assembles packets to reconstruct content flows and learns to recognize legitimate web-layer script input. We describe an efficient model for this task in the form of a mixture of Markov chains and derive the corresponding training algorithm. Our evaluations show significant detection results on an array of real world web layer attacks, comparing favorably against other AD approaches.

Keyphrases

web traffic    anomaly detection    mixture-of-markov-chains model    sensor framework    legitimate web-layer script input    efficient model    statistical ad sensor    model efficiency    php file inclusion    limiting usability factor    order statistic    buffer overflow    ad approach    favorable balance    content flow    real world web layer attack    web-layer code-injection attack    present spectrogram    significant detection result    new model    corresponding training algorithm    false-positive rate    malcode sample    machine learning    memory-layer exploit    statistical anomaly detection   
