A Two-Tier System for Web Attack Detection Using Linear Discriminant Method

  • Zhiyuan Tan
  • Aruna Jamdagni
  • Xiangjian He
  • Priyadarsi Nanda
  • Ren Ping Liu
  • Wenjing Jia
  • Wei-chang Yeh
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6476)

Abstract

Computational cost is one of the major concerns of commercial Intrusion Detection Systems (IDSs). Although these systems have proven promising in detecting network attacks, in the worst case they need to check all the signatures to identify a suspicious attack. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts a high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using the DARPA 1999 IDS dataset for Web-based attack detection.

Keywords

Web-based attack; Intrusion detection; Packet payload; Feature selection; Linear discriminant method

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Zhiyuan Tan (1)
  • Aruna Jamdagni (1, 2)
  • Xiangjian He (1)
  • Priyadarsi Nanda (1)
  • Ren Ping Liu (2)
  • Wenjing Jia (1)
  • Wei-chang Yeh (3)

  1. Centre for Innovation in IT Services and Applications (iNEXT), University of Technology, Sydney, Australia
  2. CSIRO, ICT Centre, Australia
  3. Department of Industrial Engineering and Engineering Management, National Tsing Hua University, Hsinchu, Taiwan R.O.C.
