Grammar-Based Anomaly Methods for HTTP Attacks

Abstract

HTTP-related vulnerabilities are being more commonly exploited as HTTP applications becoming the number one application across the Internet. Several HTTP specific anomaly methods have been proposed, among which grammar-based methods tend more likely to reflect the underlying structure of HTTP communications, therefore showed a promising classifying capability between benign and malicious accesses. Because of being separately proposed among other methods, grammar-based methods have not been summarized and compared directly on the same dataset. This paper presents several grammar-based anomaly methods for HTTP attacks, reveals their detecting capabilities, common features, strengths and drawbacks in comparison with each other.