Abstract

Network traffic volumes are large and network attacks take many forms, so anomaly detection models based on machine learning are developing rapidly. Frequent Web Application Firewall (WAF) bypass attacks and the redundancy of data characteristics in the Hypertext Transfer Protocol (HTTP) make it difficult to extract useful data characteristics. This paper proposes an integrated web intrusion detection system that combines feature analysis with support vector machine (SVM) optimization. The characteristics of common Web attacks are analyzed using expert knowledge, and the related data characteristics are selected by analyzing the HTTP protocol. For classification learning, the mature and robust support vector machine algorithm is used, with the grid search method for parameter optimization, which yields a better detection capability on Web attacks. Experiments on the HTTP DATASET CSIC 2010 data set compare the detection capability of different kernel functions. The results show that the proposed system performs well in detection capability and can detect WAF bypass attacks effectively.

Highlights

  • The 2017 Global Threat Intelligence Center (GTIC) [1] Q2 threat intelligence report pointed out that, among all types of attacks, Web applications have the highest proportion of attacks, accounting for 21%, of which Structured Query Language (SQL) injection accounts for 97%. The prevention of Web attacks is still the most important

  • 4.1 Design of the intrusion detection system: The Web intrusion detection system proposed in this paper, based on feature analysis and support vector machine (SVM) algorithm optimization, is mainly composed of data preprocessing, model research, and event response

  • The data preprocessing stage is mainly divided into two parts, parameter feature detection and data normalization processing. 1) Parameter feature detection: according to the detection points summarized in the Web attack features, the data is characterized, and the parameter matching value of the data packet is obtained using a string matching algorithm and taken as the tag value of the attribute
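The two preprocessing steps described above can be sketched as follows. This is an added example, not code from the paper: the detection-point lists, the use of hit counts as the attribute value, the URL-decoding step, and min-max scaling as the normalization method are all assumptions, and the query strings are constructed samples.

```python
from urllib.parse import unquote_plus

# Assumed detection points; the page does not list the paper's own set.
DETECTION_POINTS = {
    "sql_keywords": ("select", "union", "insert", "drop", " or ", "--"),
    "xss_markers": ("<script", "onerror=", "javascript:"),
    "path_traversal": ("../", "..\\", "/etc/passwd"),
    "special_chars": ("'", '"', ";", "<", ">", "(", ")"),
}

def decode(value, rounds=3):
    """Canonicalize nested URL encoding so encoded input hits the same matchers."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def extract_features(query_string):
    """Parameter feature detection: string-match hit count per attribute."""
    text = decode(query_string)
    features = [sum(text.count(p) for p in pats)
                for pats in DETECTION_POINTS.values()]
    features.append(len(text))  # decoded length as an extra attribute (assumption)
    return features

def min_max_normalize(rows):
    """Scale every column to [0, 1]; a constant column maps to 0.0."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0
             for v, l, h in zip(row, lo, hi)] for row in rows]

# Constructed sample query strings (not taken from HTTP DATASET CSIC 2010).
SAMPLES = [
    "id=42&category=books",
    "id=1%27%20UNION%20SELECT%20name%2Cpass%20FROM%20users--",
    "q=%253Cscript%253Ealert(1)%253C%252Fscript%253E",
    "file=..%2F..%2Fetc%2Fpasswd",
]

if __name__ == "__main__":
    raw = [extract_features(s) for s in SAMPLES]
    for sample, vec, norm in zip(SAMPLES, raw, min_max_normalize(raw)):
        print(sample, vec, [round(x, 2) for x in norm])
```

The normalized vectors are the form in which the attributes would be handed to the SVM classifier; without scaling, the length attribute would dominate the kernel distance.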


Summary

Introduction

The 2017 Global Threat Intelligence Center (GTIC) [1] Q2 threat intelligence report pointed out that, among all types of attacks, Web applications have the highest proportion of attacks, accounting for 21%, of which Structured Query Language (SQL) injection accounts for 97%. The prevention of Web attacks is still the most important. Abnormal intrusion detection based on data mining and machine learning has developed rapidly in order to better exploit intrusion characteristics. In 2014, Devaraju et al. used neural network algorithms in intrusion detection [2] to effectively perform feature extraction and classification. Zhao et al. applied the Markov model to IDS in conjunction with the commonly used method of reference [3]. Mukkamala et al. applied the supervised standard SVM algorithm to intrusion detection [4], which has a better detection effect than intrusion detection using the neural network method.
