An Enhanced Anomaly Detection in Web Traffic Using a Stack of Classifier Ensemble

Web attack protection systems are essential in today's information age. Classifier ensembles have been considered for anomaly-based intrusion detection in Web traffic. However, they suffer from unsatisfactory performance due to poor ensemble design. This paper proposes a stacked ensemble for anomaly-based intrusion detection systems in a Web application. Unlike conventional stacking, where single weak learners are prevalently used, the proposed stacked ensemble is an ensemble architecture whose base learners are themselves ensemble learners, i.e. random forest, gradient boosting machine, and XGBoost. To prove the generalizability of the proposed model, two datasets that are specifically used for attack detection in a Web application, i.e. CSIC-2010v2 and CICIDS-2017, are used in the experiment. Furthermore, the proposed model significantly surpasses existing Web attack detection techniques with respect to the accuracy and false positive rate metrics. Validation results on the CICIDS-2017, NSL-KDD, and UNSW-NB15 datasets also improve on those obtained by some recent techniques. Finally, the performance of all classification algorithms in terms of a two-step statistical significance test is further discussed, providing a value-added contribution to the current literature.
