Advertisement

A Vector Space Model Approach for Web Attack Classification Using Machine Learning Technique

  • B. V. Ram Naresh Yadav
  • B. Satyanarayana
  • D. Vasumathi
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 381)

Abstract

Web applications usage is increasing in online services in many ways in our day-to-day life. Business service providers have started deploying their business over the web through various e-commerce applications online. The growth of online web application increases the web complexity and vulnerability in terms of security which is a major concern in the current web security research. The extensive growth of various types of web attacks is a severe threat to web security. HTTP requests are usually secret code into a web attack spread through the injection and allow them to perform malicious actions on remote systems to execute arbitrary commands. This paper proposes an efficient approach for web attack classification, using a vector space model approach (VSMA), to improve the detection and classification accuracy. It is able to automatically classify the attacks from valid requests to detect the specific web attacks. The evaluation measure shows high precision and low recall rates than the existing classifiers in comparison.

Keywords

Web security Vector space model Web attacks Classification Accuracy 

References

  1. 1.
    Shailendra, S., Sanjay, S.: An ensemble approach for cyber attack detection system: a generic framework. IEEE, 14th-ACIS, pp. 79–85 (2013)Google Scholar
  2. 2.
    DinhNguyen, H., Cheng, Q.: An efficient feature selection method for distributed cyber attack detection and classification. IEEE, pp. 1–6 (2013)Google Scholar
  3. 3.
    Xu, L., Lille, I., Xiaohui, L., Xiaodong, L., Haojin, Z.: Securing smart grid: cyber attacks, countermeasures, and challenges. IEEE Commun. Mag. 38–46 (2012)Google Scholar
  4. 4.
    Richhariya, V., Rana, J.L., Jain, R.C., Pandey, R.K.: Design of trust model for efficient cyber attack detection on fuzzified large data using data mining techniques. Int. J. RCCT 2(3), 126–132 (2013)Google Scholar
  5. 5.
    Shailendra, S., Sanjay, A., Murtaza, A. et.al.: Improved support vector machine for cyber attack detection. IEEE, pp. 1–6 (2011)Google Scholar
  6. 6.
    Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: a static analysis tool for detecting web application vulnerabilities. IEEE Symposium on Security and Privacy (2006)Google Scholar
  7. 7.
    Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. ACM, 10th Conference on Computer and Communication Security, USA, pp. 251–261, Oct 2003Google Scholar
  8. 8.
    Gollmann, D.: Securing web applications. Inform. Secur. Techn. Report 13(1), 1–9 (2008)Google Scholar
  9. 9.
    Symantic: Security threat report—trend for 2012. Symantic, Tech. Rep., April 2012Google Scholar
  10. 10.
    Pachopoulos, K., Valsamou, D., Mavroeidis, D., Vazirgiannis, M.: Feature extraction from web traffic data for the application of data mining algorithms in attack identification. Proceedings of the ECML/PKDD’2007 Discovery Challenge, pp. 65–70 (2007)Google Scholar
  11. 11.
    Anagnostakis, K.G., Sidiroglou, S., Akritidis, P. et al.: Detecting targeted attacks using shadow honeypots. Proceeding for USENIX Security Symposium, pp. 129–144 (2005)Google Scholar
  12. 12.
    Exbrayat, M.: Analyzing web traffic—a boundaries signature approach. Proceedings for ECML/PKDD-2007 in Discovery Challenge, pp. 53–64 (2007)Google Scholar
  13. 13.
    Cova, M., Balzarotti, D., Felmetsger, V., Vigna, G.: Swaddler: an approach for the anomaly-based detection of state violations in web applications. Recent Advance in Intrusion Detection (RAID), pp. 63–86, Sept 2007Google Scholar
  14. 14.
    Salton, G, Wong, A, Yang, C.S.: A vector space model for automatic indexing. ACM Commun. Network 18(11), 613–620 (1975)Google Scholar
  15. 15.
    Database of XSSED: http://www.xssed.com/
  16. 16.
    Web Application Security Statistics Project-2007: Web App. Security Consortium. http://www.webappsec.org/projects/statistics/wasc_wass_2007.pdf (2008)
  17. 17.
    Vigna, G., Valeur, F., Balzarotti, D., Robertson, W., Kruegel, C., Kirda, E.: Reducing errors in the anomaly-based detection of web-based attacks through the combined analysis of web requests and SQL queries. J. Comput. Secur. 17(3), 305–329 (2009)Google Scholar
  18. 18.
    Ten, C.W., Manimaran, G.: Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans. Syst. 40, 853–865 (2010)Google Scholar

Copyright information

© Springer India 2016

Authors and Affiliations

  • B. V. Ram Naresh Yadav
    • 1
  • B. Satyanarayana
    • 2
  • D. Vasumathi
    • 3
  1. 1.Department of CSEJNTUH College of EngineeringHyderabadIndia
  2. 2.Department of CSTSri Krishna Devaraya UniversityAnantapurIndia
  3. 3.Department of CSEJNTUH College of EngineeringHyderabadIndia

Personalised recommendations