A two-tier system for web attack detection using linear discriminant method

Zhiyuan Tan; Aruna Jamdagni; Priyadarsi Nanda; Xiangjian He; Ren Ping Liu; Wenjing Jia; Wei-chang Yeh

doi:10.1007/978-3-642-17650-0_32

A two-tier system for web attack detection using linear discriminant method

Zhiyuan Tan, Aruna Jamdagni, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu, Wenjing Jia, Wei-chang Yeh

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic › peer-review

5 Citations (Scopus)

16 Downloads (Pure)

Abstract

Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using DARPA 1999 IDS dataset for webbased attack detection.

Original language	Undefined
Title of host publication	Information and Communications Security
Place of Publication	Berlin
Publisher	Springer
Pages	459-471
Number of pages	13
DOIs	https://doi.org/10.1007/978-3-642-17650-0_32
Publication status	Published - 2010
Event	12th International Conference on Information and Communications Security, ICICS 2010 - Barcelona, Spain Duration: 15 Dec 2010 → 17 Dec 2010 Conference number: 12

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	6476
ISSN (Print)	0302-9743

Conference

Conference	12th International Conference on Information and Communications Security, ICICS 2010
Abbreviated title	ICICS
Country	Spain
City	Barcelona
Period	15/12/10 → 17/12/10

Keywords

SCS-Cybersecurity
EWI-25352
Packet payload
IR-92854
Feature Selection
Linear discriminant method
Web-based attack
Intrusion Detection

Access to Document

10.1007/978-3-642-17650-0_32

chp%3A10.1007%2F978-3-642-17650-0_32
open

Cite this

@inbook{65b16436c8804d72987344e5793a7823,

title = "A two-tier system for web attack detection using linear discriminant method",

abstract = "Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using DARPA 1999 IDS dataset for webbased attack detection.",

keywords = "SCS-Cybersecurity, EWI-25352, Packet payload, IR-92854, Feature Selection, Linear discriminant method, Web-based attack, Intrusion Detection",

author = "Zhiyuan Tan and Aruna Jamdagni and Priyadarsi Nanda and Xiangjian He and Liu, {Ren Ping} and Wenjing Jia and Wei-chang Yeh",

year = "2010",

doi = "10.1007/978-3-642-17650-0_32",

language = "Undefined",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "459--471",

booktitle = "Information and Communications Security",

note = "null ; Conference date: 15-12-2010 Through 17-12-2010",

}

Tan, Z, Jamdagni, A, Nanda, P, He, X, Liu, RP, Jia, W & Yeh, W 2010, A two-tier system for web attack detection using linear discriminant method. in Information and Communications Security. Lecture Notes in Computer Science, vol. 6476, Springer, Berlin, pp. 459-471, 12th International Conference on Information and Communications Security, ICICS 2010, Barcelona, Spain, 15/12/10. https://doi.org/10.1007/978-3-642-17650-0_32

A two-tier system for web attack detection using linear discriminant method. / Tan, Zhiyuan; Jamdagni, Aruna; Nanda, Priyadarsi; He, Xiangjian; Liu, Ren Ping; Jia, Wenjing; Yeh, Wei-chang.

Information and Communications Security. Berlin : Springer, 2010. p. 459-471 (Lecture Notes in Computer Science; Vol. 6476).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic › peer-review

TY - CHAP

T1 - A two-tier system for web attack detection using linear discriminant method

AU - Tan, Zhiyuan

AU - Jamdagni, Aruna

AU - Nanda, Priyadarsi

AU - He, Xiangjian

AU - Liu, Ren Ping

AU - Jia, Wenjing

AU - Yeh, Wei-chang

N1 - Conference code: 12

PY - 2010

Y1 - 2010

N2 - Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using DARPA 1999 IDS dataset for webbased attack detection.

AB - Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using DARPA 1999 IDS dataset for webbased attack detection.

KW - SCS-Cybersecurity

KW - EWI-25352

KW - Packet payload

KW - IR-92854

KW - Feature Selection

KW - Linear discriminant method

KW - Web-based attack

KW - Intrusion Detection

U2 - 10.1007/978-3-642-17650-0_32

DO - 10.1007/978-3-642-17650-0_32

M3 - Chapter

T3 - Lecture Notes in Computer Science

SP - 459

EP - 471

BT - Information and Communications Security

PB - Springer

CY - Berlin

Y2 - 15 December 2010 through 17 December 2010

ER -