"Boundary Detection in Tokenizing Network Application Payload for Anoma" by Rachna Vargiya and Philip K. Chan

Electrical Engineering and Computer Science Faculty Publications

Title

Boundary Detection in Tokenizing Network Application Payload for Anomaly Detection

Authors

Rachna Vargiya
Philip K. Chan

Document Type

Report

Abstract

Most of the current anomaly detection methods for network traffic rely on the packet header for studying network traffic behavior. We believe that significant information lies in the payload of the packet and hence it is important to model the payload as well. Since many protocols exist and new protocols are frequently introduced, parsing the payload based on the protocol specification is time-consuming. Instead of relying on the specification, we propose four different characteristics of streams of bytes, which can help us develop algorithms for parsing the payload into tokens. We feed the extracted tokens from the payload to anomaly detection algorithm. Our empirical results indicated that our parsing techniques can extract tokens that can improve the detection rate.

Publication Date

6-11-2003

Recommended Citation

Vargiya, R., Chan, P.K. (2003). Boundary detection in tokenizing network application payload for anomaly detection (CS-2003-21). Melbourne, FL. Florida Institute of Technology

Download

Included in

Electrical and Computer Engineering Commons

COinS

Electrical Engineering and Computer Science Faculty Publications

Title

Boundary Detection in Tokenizing Network Application Payload for Anomaly Detection

Authors

Document Type

Abstract

Publication Date

Recommended Citation

Included in

Search

Browse

Author Corner

Electrical Engineering and Computer Science Faculty Publications

Title

Boundary Detection in Tokenizing Network Application Payload for Anomaly Detection

Authors

Document Type

Abstract

Publication Date

Recommended Citation

Included in

Share

Search

Browse

Author Corner