Web applications are often exploited using different techniques like injection, buffer overflow, etc. An HTTP request carrying such malicious content will be different from a normal request. In this paper we propose to detect such anomalous HTTP requests using regular expression based signatures. These signatures are generated using character combinations specifically identified from known malicious requests. We identify certain characters which are useful for differentiating normal and anomalous requests using their frequency value comparison and subsequently select those combinations which have high chances of appearing together by estimating their joint probability values. We experiment with few sample attack types and show that proposed method can identify anomalous HTTP requests.
CITATION STYLE
Khandait, P., Hubballi, N., & Franke, K. (2020). POSTER: Towards Automating Detection of Anomalous HTTP Requests with Joint Probability Estimation of Characters. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 (pp. 889–891). Association for Computing Machinery, Inc. https://doi.org/10.1145/3320269.3405434
Mendeley helps you to discover research relevant for your work.