Analysis and Classification of Current Trends in Malicious HTTP Traffic

Author

Risto Pantev, West Virginia University

Semester

Spring

Date of Graduation

2011

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Katerina Goseva-Popstojanova

Abstract

Web applications are highly prone to coding imperfections which lead to hacker-exploitable vulnerabilities. The contribution of this thesis includes detailed analysis of malicious HTTP traffic based on data collected from four advertised high-interaction honeypots, which hosted different Web applications, each in duration of almost four months. We extract features from Web server logs that characterize malicious HTTP sessions in order to present them as data vectors in four fully labeled datasets. Our results show that the supervised learning methods, Support Vector Machines (SVM) and Decision Trees based J48 and PART, can be used to efficiently distinguish attack sessions from vulnerability scan sessions, as well as efficiently classify twenty-two different types of malicious activities with high probability of detection and very low probability of false alarms for most cases. Furthermore, feature selection methods can be used to select important features in order to improve the computational complexity of the learners.

Recommended Citation

Pantev, Risto, "Analysis and Classification of Current Trends in Malicious HTTP Traffic" (2011). Graduate Theses, Dissertations, and Problem Reports. 4763.
https://researchrepository.wvu.edu/etd/4763