A two-tier system for web attack detection using linear discriminant method

Zhiyuan Tan, Aruna Jamdagni, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu, Wenjing Jia, Wei-chang Yeh

    Research output: Chapter in Book/Report/Conference proceedingChapterAcademicpeer-review

    5 Citations (Scopus)
    15 Downloads (Pure)


    Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using DARPA 1999 IDS dataset for webbased attack detection.
    Original languageUndefined
    Title of host publicationInformation and Communications Security
    Place of PublicationBerlin
    Number of pages13
    Publication statusPublished - 2010
    Event12th International Conference on Information and Communications Security, ICICS 2010 - Barcelona, Spain
    Duration: 15 Dec 201017 Dec 2010
    Conference number: 12

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    ISSN (Print)0302-9743


    Conference12th International Conference on Information and Communications Security, ICICS 2010
    Abbreviated titleICICS


    • SCS-Cybersecurity
    • EWI-25352
    • Packet payload
    • IR-92854
    • Feature Selection
    • Linear discriminant method
    • Web-based attack
    • Intrusion Detection

    Cite this