Abstract
Most active research in Host and Network Intrusion Detection Systems are only able to detect attacks on the computer systems and at the network layer, which are not sufficient to counteract SOAP/REST or XML/JSON-related attacks. In dealing with the problem of anomaly detection in web service message datasets, this paper proposes an anomaly detection system called the Online Adaptive Deep-Packet Inspector (O-ADPI) for web service message attacks classification. The proposed approach relies on multiple statistical methods which use Unigram-based Weighting Scheme (UWS) that combines text mining techniques with a set of different statistical criteria for Feature Selection Engine (FSE) to effectively and efficiently explore optimal subspaces in detecting anomalies embedded deep in the high dimensional feature subspaces. We utilize a supervised intrusion detection algorithm based on Mahalanobis Distance Map classifier. As web service attacks can be classified into anomaly and normal, the task of anomaly detection can be modeled as a classification problem. The O-ADPI model was assessed for F-value, true positive rate (TPR), and false positive rate (FPR) in order to evaluate the detection performance of O-ADPI against different type of feature selections engines with corresponding PCs for each message-specific service. The experiments were performed using the REST-IDS Dataset 2015 and the results demonstrated that the proposed O-ADPI model achieved the best results in each message-specific service.
Highlights
The use of computer networks has become imperative to organizations
In effort to detect more attacks at the service layer, this paper proposes an Online Adaptive Deep-Packet Inspector (O-ADPI) model that is targeted for web service message attacks in order to effectively counter tag injection attacks, XML injection, JavaScript Object Notation (JSON) injection, XML Denial-ofService (DoS) attacks as well as Hypertext Transfer Protocol (HTTP) Parameter Pollution (HPP) attacks
The O-ADPI model uses four techniques for constructing models of normal web service messages, all of which rely on contentbased unigram weighting scheme analysis by utilizing principle component analysis, feature selection engines and a supervised statistical model, called Mahalanobis Distance Map
Summary
The use of computer networks has become imperative to organizations. This fact broadens the scope for network attackers and increases the damage that these attacks may cause. All standard security appliances such as network firewalls, content filters, or network intrusion detection/prevention systems are not able to block the intruders from attacking the web services [4]. This is because current IDSs are incapable of deducing payload attacks inside the XML and JSON messages at the service level, they are insufficient for detecting and preventing the concealed threats in apparent constant network traffics [5]. O-ADPI can handle high-dimensional information in SOAP/REST web services base on XML/JSON data payload, where most of the approaches that exist unable to.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
