A Machine Learning Approach for Web Intrusion Detection: MAMLS Perspective

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 900)

Abstract

The Open Web Application Security Project (OWASP), an open-source community committed to serving application developers and security professionals, has always emphasized the dire consequences of web application vulnerabilities such as SQLI, XSS, LDAP, and buffer overflow attacks, which occur frequently in the web application threat landscape. Since these attacks are difficult to comprehend, machine learning algorithms are often applied to this problem to decode anomalous patterns. This work explores the performance of algorithms such as decision forest, neural networks, support vector machine (SVM), and logistic regression (LR). Their performance has been evaluated using standard performance metrics. HTTP CSIC 2010, a web intrusion detection dataset, is used in this study. Experimental results indicate that SVM and LR outperformed their counterparts. Predictive workflows have been created using Microsoft Azure Machine Learning Studio (MAMLS), a scalable machine learning platform that provides an integrated development environment for data scientists.




Corresponding author

Correspondence to Rajagopal Smitha.


© 2019 Springer Nature Singapore Pte Ltd.


Cite this paper

Smitha, R., Hareesha, K., Kundapur, P.P. (2019). A Machine Learning Approach for Web Intrusion Detection: MAMLS Perspective. In: Wang, J., Reddy, G., Prasad, V., Reddy, V. (eds) Soft Computing and Signal Processing. Advances in Intelligent Systems and Computing, vol 900. Springer, Singapore. https://doi.org/10.1007/978-981-13-3600-3_12
