Research Article
WebAD: A Cascading Model Based on Machine Learning for Web Attacks Detection
@INPROCEEDINGS{10.1007/978-3-319-78816-6_12, author={Ying Lin and Bo Li}, title={WebAD: A Cascading Model Based on Machine Learning for Web Attacks Detection}, proceedings={Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings}, proceedings_a={SECURECOMM \& ATCS \& SEPRIOT}, year={2018}, month={4}, keywords={Web attack Anomaly detection Machine learning Cascading model URI analysis}, doi={10.1007/978-3-319-78816-6_12} }
- Ying Lin
Bo Li
Year: 2018
WebAD: A Cascading Model Based on Machine Learning for Web Attacks Detection
SECURECOMM & ATCS & SEPRIOT
Springer
DOI: 10.1007/978-3-319-78816-6_12
Abstract
Anomalies in network are complicated and fast-changing, which pose serious threats to network security. In an intrusion detection system (IDS), achieving high detection rate and low false alarm rate is an essential requirement. Furthermore, faced with the explosive growth of network data, rapid recognition counts for as much as accuracy. In this paper, we propose a two-stage cascading model, named WebAD, for detecting web attacks. WebAD applies machine learning techniques to detect anomalous behaviors. However, unlike traditional approaches, WebAD divided machine learning process into two stages. In the first stage, partial but key features are selected for training and detecting to accelerate the detection speed. The intermediate results are passed to the second stage and all features are applied to refine the detection results, therefore improve the accuracy of the model. We conduct comprehensive experiments to evaluate the effectiveness and efficiency of WebAD. The results show that WebAD could significantly improve the model efficiency without sacrificing the detection accuracy. The processing speed is reduced up to more than 70% on average, with an accuracy decrease less than 1%. What’s more, the performance results on NSL-KDD also verify that WebAD could be universal to detect network flow traffics.