Exploiting n-gram location for intrusion detection
|Title||Exploiting n-gram location for intrusion detection|
|Publication Type||Conference Paper|
|Year of Publication||2015|
|Authors||Angiulli, F, Argento, L, Furfaro, A|
|Conference Name||27th IEEE International Conference on Tools with Artificial Intelligence (ICTAI)|
|Conference Location||Vietri sul Mare (SA), Italy|
Signature-based and protocol-based intrusion detection systems (IDS) are employed as means to reveal content-based network attacks. Such systems have proven to be effective in identifying known intrusion attempts and exploits but they fail to recognize new types of attacks or carefully crafted variants of well known ones. This paper presents the design and the development of an anomaly-based IDS technique which is able to detect content-based attacks carried out over application level protocols, like HTTP and FTP. In order to identify anomalous packets, the payload is split up in chunks of equal length and the n-gram technique is used to learn which byte sequences usually appear in each chunk.