Open Access Article
Information 2019, 10(3), 84; https://doi.org/10.3390/info10030084

Anomaly-Based Method for Detecting Multiple Classes of Network Attacks

1,2,†
and
1,2,*,†
1 Moscow Power Engineering Institute, National Research University, Krasnokazarmennaya 14, Moscow 111250, Russia
2 InfoTeCS JSC, Stary Petrovsko-Razumovsky Proyezd, 1/23, building 1, Moscow 127287, Russia
* Author to whom correspondence should be addressed.
† These authors contributed equally to this work.
Received: 17 January 2019 / Revised: 8 February 2019 / Accepted: 20 February 2019 / Published: 26 February 2019
(This article belongs to the Special Issue Machine Learning for Cyber-Security)

Abstract

The article discusses the problem of detecting network attacks on a web server. Attention is focused on two common types of attacks: “denial of service” and “code injection”. A review and an analysis of various attack detection techniques are conducted. A new lightweight approach to detecting attacks as anomalies is proposed. It is based on recognition of the dynamic response of the web server during request processing. An autoencoder is implemented for dynamic response anomaly recognition. A case study with the MyBB web server is described. Several flood attacks and an SQL injection attack are modeled and successfully detected by the proposed method. The efficiency of the detection algorithm is evaluated, and the advantages and disadvantages of the proposed approach are analyzed.
Keywords: anomaly detection; autoencoder; one-class classification; dynamic response model; vulnerability exploitation; lightweight intrusion detection; web server; SQL injection; flood attack
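
The detection idea summarised in the abstract (learn the server's normal behaviour only, then flag whatever the autoencoder reconstructs poorly), as an added example that is not the authors' code: a minimal linear autoencoder with one hidden unit and tied weights. The three features, the sample values, the training settings and the threshold margin are all assumptions constructed for illustration.

```python
import random

# Constructed feature vector (an assumption, not the paper's feature set):
# [request rate, mean response time, DB time], scaled so normal load is 0..1.
def make_normal_traffic(n=60, seed=1):
    rng = random.Random(seed)
    jitter = lambda: rng.uniform(-0.02, 0.02)   # small measurement noise
    rows = []
    for _ in range(n):
        load = rng.uniform(0.2, 1.0)
        rows.append([load, 0.8 * load + jitter(), 0.5 * load + jitter()])
    return rows

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def reconstruction_error(w, x):
    # Encode to one hidden value h = w.x, decode as h*w, return squared error.
    h = dot(w, x)
    return sum((xi - h * wi) ** 2 for xi, wi in zip(x, w))

def train_autoencoder(rows, epochs=200, lr=0.01, seed=0):
    # One-class training: plain SGD on normal traffic only.
    rng = random.Random(seed)
    w = [rng.uniform(-0.5, 0.5) for _ in rows[0]]
    for _ in range(epochs):
        for x in rows:
            h = dot(w, x)
            r = [xi - h * wi for xi, wi in zip(x, w)]   # residual x - x_hat
            rw = dot(r, w)
            w = [wi + 2 * lr * (h * ri + rw * xi) for wi, ri, xi in zip(w, r, x)]  # descent on ||r||^2
    return w

def fit_detector(rows, margin=3.0):
    # Threshold = margin * worst reconstruction error seen on normal traffic.
    w = train_autoencoder(rows)
    threshold = margin * max(reconstruction_error(w, x) for x in rows)
    return w, threshold

def is_anomalous(detector, x):
    w, threshold = detector
    return reconstruction_error(w, x) > threshold

if __name__ == "__main__":
    det = fit_detector(make_normal_traffic())
    for name, x in [("normal", [0.6, 0.48, 0.30]), ("flood-like", [2.5, 4.0, 1.2]),
                    ("injection-like", [0.2, 0.16, 1.5])]:   # constructed samples
        print(name, "ANOMALY" if is_anomalous(det, x) else "ok")
```

A linear model like this only notices samples that break the learned ratio between features; a sample that scales every feature up proportionally reconstructs well and passes, which is one reason a nonlinear autoencoder is the usual choice in practice.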
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
MDPI and ACS Style

Gurina, A.; Eliseev, V. Anomaly-Based Method for Detecting Multiple Classes of Network Attacks. Information 2019, 10, 84.

Information, EISSN 2078-2489, published by MDPI AG, Basel, Switzerland