A new unified intrusion anomaly detection in identifying unseen web attacks
Kamarudin, Muhammad Hilmi, Maple, Carsten, Watson, Tim and Sohrabi Safa, Nader (2017) A new unified intrusion anomaly detection in identifying unseen web attacks. Security and Communication Networks, 2017 . pp. 1-18. 2539034. doi:10.1155/2017/2539034 ISSN 1939-0114.
PDF: WRAP-new-unified-intrusion-anomaly-detection-identifying-unseen-web-attacks-Kamarudin-2017.pdf - Published Version (2442Kb). Available under License Creative Commons Attribution 4.0.
Official URL: https://doi.org/10.1155/2017/2539034
Abstract
The global usage of more sophisticated web-based application systems is obviously growing very rapidly. Major usage includes the storing and transporting of sensitive data over the Internet. The growth has consequently opened up a serious need for more secured network and application security protection devices. Security experts normally equip their databases with a large number of signatures to help in the detection of known web-based threats. In reality, it is almost impossible to keep updating the database with the newly identified web vulnerabilities. As such, new attacks are invisible. This research presents a novel approach of Intrusion Detection System (IDS) in detecting unknown attacks on web servers using the Unified Intrusion Anomaly Detection (UIAD) approach. The unified approach consists of three components (preprocessing, statistical analysis, and classification). Initially, the process starts with the removal of irrelevant and redundant features using a novel hybrid feature selection method. Thereafter, the process continues with the application of a statistical approach to identifying traffic abnormality. We performed Relative Percentage Ratio (RPR) coupled with Euclidean Distance Analysis (EDA) and the Chebyshev Inequality Theorem (CIT) to calculate the normality score and generate a finest threshold. Finally, Logitboost (LB) is employed alongside Random Forest (RF) as a weak classifier, with the aim of minimising the final false alarm rate. The experiment has demonstrated that our approach has successfully identified unknown attacks with greater than a 95% detection rate and less than a 1% false alarm rate for both the DARPA 1999 and the ISCX 2012 datasets.
Item Type: | Journal Article
---|---
Subjects: | Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software
Divisions: | Faculty of Science, Engineering and Medicine > Engineering > WMG (Formerly the Warwick Manufacturing Group)
Library of Congress Subject Headings (LCSH): | Intrusion detection systems (Computer security), Computer networks -- Security measures
Journal or Publication Title: | Security and Communication Networks
Publisher: | John Wiley & Sons, Inc.
ISSN: | 1939-0114
Official Date: | 7 November 2017
Volume: | 2017
Page Range: | pp. 1-18
Article Number: | 2539034
DOI: | 10.1155/2017/2539034
Status: | Peer Reviewed
Publication Status: | Published
Access rights to Published version: | Open Access (Creative Commons)
Date of first compliant deposit: | 4 January 2018
Date of first compliant Open Access: | 4 January 2018