%0 Conference Paper
%A Nguyen, Xuan Nam
%A Nguyen, Dai Tho
%A Vu, Hai Long
%A University of Engineering and Technology, Vietnam National University, Hanoi,
%B 2016 3rd National Foundation for Science and Technology Development (NAFOSTED) Conference on Information and Computer Science (NICS)
%C Danang City, Vietnam
%D 2016
%F SisLab:2361
%P 74-79
%T POCAD: a Novel Payload-based One-Class Classifier for Anomaly Detection
%U https://eprints.uet.vnu.edu.vn/eprints/id/eprint/2361/
%X In this paper, we propose a novel Payload-based One-class Classifier for Anomaly Detection called POCAD, which combines a generalized 2v-gram feature extractor and a one-class SVM classifier to effectively detect network intrusion attacks. We extensively evaluate POCAD with real-world datasets of HTTP-based attacks. Our experiment results show that POCAD can quickly detect malicious payload and achieves a high detection rate as well as a low false positive rate. The experiment results also show that POCAD outperforms state of the art payload-based detection schemes such as McPAD [8] and PAYL [5].