High-speed web attack detection through extracting exemplars from HTTP traffic

Handle URI:
http://hdl.handle.net/10754/564336
Title:
High-speed web attack detection through extracting exemplars from HTTP traffic
Authors:
Wang, Wei; Zhang, Xiangliang (0000-0002-3574-5665)
Abstract:
In this work, we propose an effective method for high-speed web attack detection by extracting exemplars from HTTP traffic before the detection model is built. The smaller set of exemplars keeps valuable information of the original traffic while it significantly reduces the size of the traffic so that the detection remains effective and improves the detection efficiency. The Affinity Propagation (AP) is employed to extract the exemplars from the HTTP traffic. K-Nearest Neighbor (K-NN) and one-class Support Vector Machine (SVM) are used for anomaly detection. To facilitate comparison, we also employ information gain to select key attributes (a.k.a. features) from the HTTP traffic for web attack detection. Two large real HTTP traffic data sets are used to validate our methods. The extensive test results show that the AP-based exemplar extraction significantly improves the real-time performance of the detection compared to using all the HTTP traffic and achieves a more robust detection performance than information-gain-based attribute selection for web attack detection. © 2011 ACM.
KAUST Department:
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division; Computer Science Program; Machine Intelligence & kNowledge Engineering Lab
Publisher:
Association for Computing Machinery (ACM)
Journal:
Proceedings of the 2011 ACM Symposium on Applied Computing - SAC '11
Conference/Event name:
26th Annual ACM Symposium on Applied Computing, SAC 2011
Issue Date:
2011
DOI:
10.1145/1982185.1982512
Type:
Conference Paper
ISBN:
9781450301138
Appears in Collections:
Conference Papers; Computer Science Program; Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Full metadata record

DC Field | Value | Language
dc.contributor.author | Wang, Wei | en
dc.contributor.author | Zhang, Xiangliang | en
dc.date.accessioned | 2015-08-04T06:24:05Z | en
dc.date.available | 2015-08-04T06:24:05Z | en
dc.date.issued | 2011 | en
dc.identifier.isbn | 9781450301138 | en
dc.identifier.doi | 10.1145/1982185.1982512 | en
dc.identifier.uri | http://hdl.handle.net/10754/564336 | en
dc.description.abstract | In this work, we propose an effective method for high-speed web attack detection by extracting exemplars from HTTP traffic before the detection model is built. The smaller set of exemplars keeps valuable information of the original traffic while it significantly reduces the size of the traffic so that the detection remains effective and improves the detection efficiency. The Affinity Propagation (AP) is employed to extract the exemplars from the HTTP traffic. K-Nearest Neighbor (K-NN) and one-class Support Vector Machine (SVM) are used for anomaly detection. To facilitate comparison, we also employ information gain to select key attributes (a.k.a. features) from the HTTP traffic for web attack detection. Two large real HTTP traffic data sets are used to validate our methods. The extensive test results show that the AP-based exemplar extraction significantly improves the real-time performance of the detection compared to using all the HTTP traffic and achieves a more robust detection performance than information-gain-based attribute selection for web attack detection. © 2011 ACM. | en
dc.publisher | Association for Computing Machinery (ACM) | en
dc.title | High-speed web attack detection through extracting exemplars from HTTP traffic | en
dc.type | Conference Paper | en
dc.contributor.department | Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division | en
dc.contributor.department | Computer Science Program | en
dc.contributor.department | Machine Intelligence & kNowledge Engineering Lab | en
dc.identifier.journal | Proceedings of the 2011 ACM Symposium on Applied Computing - SAC '11 | en
dc.conference.date | 21 March 2011 through 24 March 2011 | en
dc.conference.name | 26th Annual ACM Symposium on Applied Computing, SAC 2011 | en
dc.conference.location | TaiChung | en
dc.contributor.institution | Interdisciplinary Centre for Security, Reliability and Trust (SnT Centre), Université du Luxembourg, Luxembourg | en
kaust.author | Zhang, Xiangliang | en
All Items in KAUST are protected by copyright, with all rights reserved, unless otherwise indicated.