Advertisement

Application of the Generic Feature Selection Measure in Detection of Web Attacks

  • Hai Thanh Nguyen
  • Carmen Torrano-Gimenez
  • Gonzalo Alvarez
  • Slobodan Petrović
  • Katrin Franke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6694)

Abstract

Feature selection for filtering HTTP-traffic in Web application firewalls (WAFs) is an important task. We focus on the Generic-Feature-Selection (GeFS) measure [4], which was successfully tested on low-level package filters, i.e., the KDD CUP’99 dataset. However, the performance of the GeFS measure in analyzing high-level HTTP-traffic is still unknown. In this paper we study the GeFS measure for WAFs. We conduct experiments on the publicly available ECML/PKDD-2007 dataset. Since this dataset does not target any real Web application, we additionally generate our new CSIC-2010 dataset. We analyze the statistical properties of both two datasets to provide more insides of their nature and quality. Subsequently, we determine appropriate instances of the GeFS measure for feature selection. We use different classifiers to test the detection accuracies. The experiments show that we can remove 63% of irrelevant and redundant features from the original dataset, while reducing only 0.12% the detection accuracy of WAFs.

Keywords

Web attack detection Web application firewall intrusion detection systems feature selection machine learning algorithms 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. John Wiley & Sons, USA (2001)zbMATHGoogle Scholar
  2. 2.
    Guyon, I., Gunn, S., Nikravesh, M., Zadeh, L.A.: Feature Extraction: Foundations and Applications. Series Studies in Fuzziness and Soft Computing. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  3. 3.
    Liu, H., Motoda, H.: Computational Methods of Feature Selection. Chapman & Hall/CRC, Boca Raton (2008)zbMATHGoogle Scholar
  4. 4.
    Nguyen, H., Franke, K., Petrović, S.: Towards a Generic Feature-Selection Measure for Intrusion Detection. In: 20th International Conference on Pattern Recognition, Istanbul, Turkey, pp. 1529–1532 (August 2010)Google Scholar
  5. 5.
    Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G.: A Self-Learning Anomaly-Based Web Application Firewall. In: Proceedings of Computational Intelligence In Security For Information Systems (CISIS 2009), pp. 85–92 (2009)Google Scholar
  6. 6.
    Rassi, C., Brissaud, J., Dray, G., Poncelet, P., Roche, M., Teisseire, M.: Web Analyzing Traffic Challenge: Description and Results. In: Proceedings of the Discovery Challenge ECML/PKDD 2007, pp. 47–52 (2007)Google Scholar
  7. 7.
    McHugh, J.: Testing Intrusion Detection Systems: Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. Proc. ACM Transactions on Information and System Security (TISSEC) 3(4), 262–294 (2000)CrossRefGoogle Scholar
  8. 8.
    Becher, M.: Web Application Firewalls. VDM Verlag Dr. Mueller e.K. (February 1, 2007); ISBN-10: 383640446X, ISBN-13: 978-3836404464Google Scholar
  9. 9.
    Lee, W.: A data mining framework for building intrusion detection models. In: IEEE Symposium on Security and Privacy, Berkeley, California, pp. 120–132 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Hai Thanh Nguyen
    • 1
  • Carmen Torrano-Gimenez
    • 2
  • Gonzalo Alvarez
    • 2
  • Slobodan Petrović
    • 1
  • Katrin Franke
    • 1
  1. 1.Norwegian Information Security LaboratoryGjøvik University CollegeNorway
  2. 2.Consejo Superior de Investigaciones CientíficasInstituto de Física AplicadaMadridSpain

Personalised recommendations