Defeating n-gram Scores for HTTP Attack Detection

Author

Samyuktha Sridharan, San Jose State University

Publication Date

Spring 2016

Degree Type

Master's Project

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Mark Stamp

Second Advisor

Thomas Austin

Third Advisor

Fabio Di Troia

Keywords

HTTP Attack n-grams obfuscation

Abstract

Web applications that generate malicious HTTP requests provide a platform that attackers use to exploit vulnerable machines. Such malicious traffic should be identified by network intrusion detection systems, based on traffic analysis. Previous research has shown that n-gram techniques can be successfully applied to detect HTTP attacks. In this research, we analyze the robustness of these n-gram techniques. We show that n-gram scores are surprisingly robust, but can be defeated using certain obfuscation strategies. We also consider the need for a more costlier HMM-based intrusion detection system.

Recommended Citation

Sridharan, Samyuktha, "Defeating n-gram Scores for HTTP Attack Detection" (2016). Master's Projects. 489.
DOI: https://doi.org/10.31979/etd.japx-z6eu
https://scholarworks.sjsu.edu/etd_projects/489