A two-tier system for web attack detection using linear discriminant method

Authors:
Zhiyuan Tan;Aruna Jamdagni;Xiangjian He;Priyadarsi Nanda;Ren Ping Liu;Wenjing Jia;Wei-chang Yeh
Affiliations:
Centre for Innovation in IT Services and Applications, iNEXT, University of Technology, Sydney, Australia;Centre for Innovation in IT Services and Applications, iNEXT, University of Technology, Sydney, Australia and CSIRO, ICT Centre, Australia;Centre for Innovation in IT Services and Applications, iNEXT, University of Technology, Sydney, Australia;Centre for Innovation in IT Services and Applications, iNEXT, University of Technology, Sydney, Australia;CSIRO, ICT Centre, Australia;Centre for Innovation in IT Services and Applications, iNEXT, University of Technology, Sydney, Australia;Department of Industrial Engineering and Engineering Management, National Tsing Hua University, Hsinchu, Taiwan R.O.C.
Venue:
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Year:
2010

Citing 10
Cited 3

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
Service specific anomaly detection for network intrusion detection

Proceedings of the 2002 ACM symposium on Applied computing
Network traffic anomaly detection based on packet bytes

Proceedings of the 2003 ACM symposium on Applied computing
An overview of anomaly detection techniques: Existing solutions and latest technological trends

Computer Networks: The International Journal of Computer and Telecommunications Networking
Detection of Network Attack and Intrusion Using PCA-ICA

ICICIC '08 Proceedings of the 2008 3rd International Conference on Innovative Computing Information and Control
Intrusion detection using GSAD model for HTTP traffic on web services

Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Viruses: Low volume viruses: new tools for criminals

Network Security
Survey and taxonomy of feature selection algorithms in intrusion detection system

Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Anagram: a content anomaly detector resistant to mimicry attack

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Multivariate correlation analysis technique based on Euclidean distance map for network traffic characterization

ICICS'11 Proceedings of the 13th international conference on Information and communications security
Detection of HTTP-GET attack with clustering and information theoretic measurements

FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
Evaluation on multivariate correlation analysis based denial-of-service attack detection system

Proceedings of the First International Conference on Security of Internet of Things

Quantified Score

Hi-index	0.00

Visualization

Abstract

Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network attacks, they need to check all the signatures to identify a suspicious attack in the worst case. This is time consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts high-dimensional feature space into a low-dimensional feature space. It is able to reduce the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using DARPA 1999 IDS dataset for webbased attack detection.