Efficient detection of anomolous HTTP payloads in networks

Zhaoxuan Zhang, Roy George, Khalil Shujaee

SoutheastCon 2016 (2016)

Abstract
Anomalous payloads in network packets are a potential source for intrusion in computer networks. In this paper we come up with an efficient machine learning approach to detect anomalous payloads. The approach uses n-gram preprocessing to extract words included in the payload. Bayesian inference is used to learn normal and anomalous traffic patterns from the words extracted during training. During the operational phase each incoming network packet is evaluated by the learning algorithm and the payload is declared as normal or anomalous based on the patterns previously learnt. This approach is tested on the CSIC 2010 HTTP Dataset. Experimental results demonstrate that this approach is efficient and robust and can achieve high detection accuracy, with high true positives and low false positives, across a variety of attacks.
Keywords
Anomalous Payloads, N-grams, Bayesian Inference, Network Intrusion Detection
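
The pipeline the abstract outlines (n-gram extraction, Bayesian learning of normal and anomalous patterns, per-payload classification), as an added example that is not the authors' code. It assumes character 3-grams and a multinomial naive Bayes model with Laplace smoothing; the class and function names are hypothetical and the payloads are constructed, not drawn from the CSIC 2010 dataset.

```python
import math
from collections import Counter

def ngrams(payload, n=3):
    """Character n-grams of the lower-cased payload (n=3 is an assumption)."""
    s = payload.lower()
    return [s[i:i + n] for i in range(len(s) - n + 1)]

class NgramBayes:
    """Multinomial naive Bayes over n-gram counts, Laplace-smoothed."""
    def __init__(self, n=3):
        self.n = n
        self.counts = {"normal": Counter(), "anomalous": Counter()}
        self.docs = Counter()  # training payloads seen per class

    def train(self, payload, label):
        self.counts[label].update(ngrams(payload, self.n))
        self.docs[label] += 1

    def log_odds(self, payload):
        """log P(anomalous | payload) - log P(normal | payload)."""
        vocab = len(set(self.counts["normal"]) | set(self.counts["anomalous"]))
        score = {}
        for label, c in self.counts.items():
            total = sum(c.values())
            lp = math.log(self.docs[label] / sum(self.docs.values()))  # prior
            for g in ngrams(payload, self.n):
                # +1 smoothing; the extra +1 reserves mass for unseen n-grams
                lp += math.log((c[g] + 1) / (total + vocab + 1))
            score[label] = lp
        return score["anomalous"] - score["normal"]

    def classify(self, payload):
        return "anomalous" if self.log_odds(payload) > 0 else "normal"

# Constructed sample payloads, not taken from the CSIC 2010 dataset.
NORMAL = ["id=12&name=alice&page=2", "user=bob&lang=en&sort=asc",
          "q=red+shoes&size=42&page=1", "cart=add&item=991&qty=3"]
ANOMALOUS = ["id=12' or '1'='1", "name=<script>alert(1)</script>",
             "file=../../../../etc/passwd", "q=1; drop table users--"]

def build_model():
    model = NgramBayes()
    for label, payloads in (("normal", NORMAL), ("anomalous", ANOMALOUS)):
        for p in payloads:
            model.train(p, label)
    return model

if __name__ == "__main__":
    print([build_model().classify(p) for p in ("user=carol&page=3", "user=carol' or '1'='1")])
```

A payload shorter than n yields no n-grams, so with equal class priors its log-odds is 0 and it is reported as normal; a deployment would need an explicit policy for that case.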