A method for intrusion detection in web services based on time series

Anomaly detection in time series is a problem that has attracted much attention. Service-oriented architecture (SOA) and web services are considered among the most important technologies. In this paper, we propose a model for intrusion detection in web services based on the autoregressive integrated moving average (ARIMA) model. First, we apply the ARIMA model to the training data. Second, we forecast the next behavior within a specific confidence interval. Third, we examine the testing data; if any instance falls outside the confidence interval, it might be an anomaly, and the system will notify the administrator. We present experiments and results obtained using real-world data.
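The three steps above, as an added example that is not the paper's code: a pure-Python ARIMA(1,1,0), the simplest differenced autoregressive case, fitted by least squares and used for one-step forecasts with a z·σ band. The traffic numbers, the function names, the z = 3 band and the rule of replacing a flagged point with its forecast are assumptions of this example.

```python
import math

# Constructed sample: requests per minute to a hypothetical web service.
TRAIN = [100, 102, 101, 103, 104, 102, 105, 104,
         106, 105, 107, 106, 108, 107, 109, 108]
TEST = [110, 109, 111, 140, 112, 111]  # index 3 is an injected burst


def fit_arima_110(series):
    """Step 1: difference once, then least-squares AR(1) with intercept."""
    d = [b - a for a, b in zip(series, series[1:])]
    x, y = d[:-1], d[1:]          # regress each difference on the previous one
    n = len(x)
    if n < 3:
        raise ValueError("need at least 5 training points")
    mx, my = sum(x) / n, sum(y) / n
    sxx = sum((xi - mx) ** 2 for xi in x)
    sxy = sum((xi - mx) * (yi - my) for xi, yi in zip(x, y))
    phi = sxy / sxx if sxx else 0.0
    c = my - phi * mx
    sse = sum((yi - c - phi * xi) ** 2 for xi, yi in zip(x, y))
    sigma = math.sqrt(sse / (n - 2))  # residual std, 2 fitted parameters
    return c, phi, sigma


def detect(train, test, z=3.0):
    """Steps 2 and 3: one-step forecast band, flag observations outside it."""
    c, phi, sigma = fit_arima_110(train)
    prev, prev_diff = train[-1], train[-1] - train[-2]
    alerts = []
    for i, obs in enumerate(test):
        forecast = prev + c + phi * prev_diff
        lo, hi = forecast - z * sigma, forecast + z * sigma
        if lo <= obs <= hi:
            value = obs
        else:
            alerts.append((i, obs, round(lo, 2), round(hi, 2)))
            # Assumption of this example: carry the forecast forward so one
            # spike does not make the following normal point look anomalous.
            value = forecast
        prev_diff, prev = value - prev, value
    return alerts


if __name__ == "__main__":
    for index, obs, lo, hi in detect(TRAIN, TEST):
        print(f"ALERT test[{index}]={obs} outside [{lo}, {hi}]")
```

The band here uses only the in-sample residual spread; a full ARIMA fit would also choose the model orders and account for parameter uncertainty.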
