Abstract

Web application attacks constitute considerable security threats to computer networks and end users. Existing threat detection methods are mostly designed on signature-based approaches, which cannot recognize zero-day vulnerabilities. Moreover, with the minimal availability of real-world web attack data, the effectiveness of such approaches is limited further. In this paper, we propose an architectural scheme for designing a threat intelligence technique for web attacks to address these challenges through a four-step methodology: 1) collecting web attack data by crawling websites and accumulating network traffic, and representing this data as feature vectors; 2) dynamically extracting important features using the Association Rule Mining (ARM) algorithm; 3) using these extracted features to simulate web attack data; and 4) proposing a new Outlier Gaussian Mixture (OGM) technique for detecting known as well as zero-day attacks based on the anomaly detection methodology. The performance of the scheme is appraised using two well-known datasets, namely, the Web Attack and UNSW-NB15 datasets. The empirical evaluations demonstrate that the proposed scheme outperforms four other competing machine learning mechanisms in terms of detection rate and false alarm rate on both the original as well as the simulated web data.
