A Two-Tier System for Web Attack Detection Using Linear Discriminant Method
Computational cost is one of the major concerns for commercial Intrusion Detection Systems (IDSs). Although these systems have proven promising in detecting network attacks, in the worst case they need to check all the signatures to identify a suspicious attack, which is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts a high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using the DARPA 1999 IDS dataset for Web-based attack detection.
Keywords: Web-based attack; Intrusion detection; Packet payload; Feature selection; Linear discriminant method