DocumentCode :
624208
Title :
Applying Conditional Random Fields to payload anomaly detection with CRFPAD
Author :
Taub, Lawrence
Author_Institution :
Sch. of Comput. & Inf. Sci., Nova Southeastern Univ., Davie, FL, USA
fYear :
2013
fDate :
4-7 April 2013
Firstpage :
1
Lastpage :
5
Abstract :
Payload anomaly detection is a relatively young branch of intrusion detection focusing on the analysis of packet payloads to identify attacks in the application layer. Previous payload anomaly detection systems have used models such as Support Vector Machines and various Markov models. The model proposed in this paper for analysis is the Conditional Random Fields model. Conditional Random Fields have been successfully applied to anomaly detection methods other than payload anomaly detection. In this paper, a prototype payload anomaly detection system is discussed then tested against a public data set. The results of the testing show that the Conditional Random Fields model is a very powerful model for payload anomaly detection.
Keywords :
security of data; statistical analysis; CRFPAD; Markov model; conditional random field; intrusion detection; payload anomaly detection; support vector machine; Feature extraction; Hidden Markov models; Intrusion detection; Markov processes; Payloads; Spectrogram; Testing; anomaly detection; conditional random fields; payload;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Southeastcon, 2013 Proceedings of IEEE
Conference_Location :
Jacksonville, FL
ISSN :
1091-0050
Print_ISBN :
978-1-4799-0052-7
Type :
conf
DOI :
10.1109/SECON.2013.6567425
Filename :
6567425