Analyzing HTTP requests for web intrusion detection

Many web application security problems related to intrusion have resulted from the rapid development of web applications. To reduce the risk of web application problems, web application developers need to take measures to write secure applications to prevent known attacks. When such measures fail, it is important to detect such attacks and find the source of the attacks to reduce the estimated risks. Intrusion detection is one of the powerful techniques designed to identify and prevent harm to the system. Most defensive techniques in Web Intrusion Systems are not able to deal with the complexity of cyber-attacks in web applications. However, machine learning approaches could help to detect known and unknown web application attacks. In this paper, we present machine learning techniques to classify the HTTP requests in the well-known dataset CSIC 2010 HTTP (Giménez et al., 2012) as normal or abnormal traffic, and we compare our experimental results with the results reported by Pham et al. in 2016 and Nguyen et al. in 2011. These experiments produce results for overlapping sets of machine-learning techniques and different sets of features, allowing us to compare how good the various feature sets are for the various machine-learning techniques, at least on this dataset.

[1]  Giovanni Vigna, et al.  A Learning-Based Approach to the Detection of SQL Attacks, 2005, DIMVA.

[2]  Ian H. Witten, et al.  Weka: Practical machine learning tools and techniques with Java implementations, 1999.

[3]  Geoff Holmes, et al.  Benchmarking Attribute Selection Techniques for Discrete Class Data Mining, 2003, IEEE Trans. Knowl. Data Eng.

[4]  Michael Auxilia, et al.  Anomaly detection using negative security model in web application, 2010, 2010 International Conference on Computer Information Systems and Industrial Management Applications (CISIM).

[5]  Christopher Krügel, et al.  Anomaly detection of web-based attacks, 2003, CCS '03.

[6]  M. Nene, et al.  A Survey on Machine Learning Techniques for Intrusion Detection Systems, 2013.

[7]  Truong Son Pham, et al.  Machine learning techniques for web intrusion detection — A comparison, 2016, 2016 Eighth International Conference on Knowledge and Systems Engineering (KSE).

[8]  Scott Nowson.  Scary films good, scary flights bad: topic driven feature selection for classification of sentiment, 2009, CIKM 2009.

[9]  Javed Akhtar Khan, et al.  A Survey on Intrusion Detection Systems and Classification Techniques, 2016.

[10]  Wen Kai Guo Fan.  An adaptive anomaly detection of WEB-based attacks, 2012, 2012 7th International Conference on Computer Science & Education (ICCSE).

[11]  Timo Hämäläinen, et al.  Analysis of HTTP Requests for Anomaly Detection of Web Attacks, 2014, 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing.

[12]  Tina Eliassi-Rad, et al.  Classification of HTTP Attacks: A Study on the ECML/PKDD 2007 Discovery Challenge, 2009.

[13]  Debasish Das, et al.  A Web Intrusion Detection Mechanism based on Feature based Data Clustering, 2009, 2009 IEEE International Advance Computing Conference.

[14]  Geoffrey Holmes, et al.  Benchmarking Attribute Selection Techniques for Discrete Class Data Mining, 2003.

[15]  Zhaowen Lin, et al.  A hybrid web log based intrusion detection model, 2016, 2016 4th International Conference on Cloud Computing and Intelligence Systems (CCIS).

[16]  Gonzalo Álvarez, et al.  Application of the Generic Feature Selection Measure in Detection of Web Attacks, 2011, CISIS.

[17]  Mahdi Zamani, et al.  Machine Learning Techniques for Intrusion Detection, 2013, ArXiv.