Patterns extraction method for anomaly detection in HTTP traffic

Abstract

In this paper the new pattern extraction method for HTTP traffic anomaly detection is proposed. The method is based on innovative combination of (i) text segmentation technique-used to identify some common parts (tokens) of requests and (ii) statistical analysis-that captures the dynamic properties (variables) of data between tokens. In result, such approach allows to capture the structure of the message body received from the consecutive requests. Our experiments show that this technique allows for significant improvement of effectiveness when compared to other techniques that treat the message body as the whole. Another advantage isa the fact that our tool does not need any prior knowledge about protocols and APIs that use HTTP as a transportation mean (e.g. RESTFull API, SOAP, etc.).