Long Vu, P. Nguyen, et al.
IBM J. Res. Dev
In this paper, we propose a novel Payload-based One-class Classifier for Anomaly Detection called POCAD, which combines a generalized 2v-gram feature extractor and a one-class SVM classifier to effectively detect network intrusion attacks. We extensively evaluate POCAD with real-world datasets of HTTP-based attacks. Our experimental results show that POCAD can quickly detect malicious payloads and achieves a high detection rate as well as a low false positive rate. The results also show that POCAD outperforms state-of-the-art payload-based detection schemes such as McPAD [4] and PAYL [8].