论文信息 - Application of the Generic Feature Selection Measure in Detection of Web Attacks

Application of the Generic Feature Selection Measure in Detection of Web Attacks

Feature selection for filtering HTTP-traffic in Web application firewalls (WAFs) is an important task. We focus on the Generic-Feature-Selection (GeFS) measure [4], which was successfully tested on low-level package filters, i.e., the KDD CUP'99 dataset. However, the performance of the GeFS measure in analyzing high-level HTTP-traffic is still unknown. In this paper we study the GeFS measure for WAFs. We conduct experiments on the publicly available ECML/PKDD-2007 dataset. Since this dataset does not target any real Web application, we additionally generate our new CSIC-2010 dataset. We analyze the statistical properties of both two datasets to provide more insides of their nature and quality. Subsequently, we determine appropriate instances of the GeFS measure for feature selection. We use different classifiers to test the detection accuracies. The experiments show that we can remove 63% of irrelevant and redundant features from the original dataset, while reducing only 0.12% the detection accuracy of WAFs.

[1] Shigeo Abe DrEng. Pattern Classification , 2001, Springer London.

[2] David G. Stork,et al. Pattern Classification , 1973 .

[3] Masoud Nikravesh,et al. Feature Extraction: Foundations and Applications (Studies in Fuzziness and Soft Computing) , 2006 .

[4] Michael Becher. Web Application Firewalls , 2007 .

[5] John McHugh,et al. Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[6] Masoud Nikravesh,et al. Feature Extraction - Foundations and Applications , 2006, Feature Extraction.

[7] Gonzalo Álvarez,et al. A Self-learning Anomaly-Based Web Application Firewall , 2009, CISIS.

[8] Maguelonne Teisseire,et al. Web Analyzing Traffic Challenge: Description and Results , 2007 .

[9] Hiroshi Motoda,et al. Computational Methods of Feature Selection , 2022 .

[10] Salvatore J. Stolfo,et al. A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[11] Slobodan Petrovic,et al. Towards a Generic Feature-Selection Measure for Intrusion Detection , 2010, 2010 20th International Conference on Pattern Recognition.