Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

WebAD: A Cascading Model Based on Machine Learning for Web Attacks Detection

  • @INPROCEEDINGS{10.1007/978-3-319-78816-6_12,
        author={Ying Lin and Bo Li},
        title={WebAD: A Cascading Model Based on Machine Learning for Web Attacks Detection},
        proceedings={Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM \& ATCS \& SEPRIOT},
        year={2018},
        month={4},
        keywords={Web attack Anomaly detection Machine learning Cascading model URI analysis},
        doi={10.1007/978-3-319-78816-6_12}
    }
    
  • Ying Lin
    Bo Li
    Year: 2018
    WebAD: A Cascading Model Based on Machine Learning for Web Attacks Detection
    SECURECOMM & ATCS & SEPRIOT
    Springer
    DOI: 10.1007/978-3-319-78816-6_12
Ying Lin1,*, Bo Li1,*
  • 1: Beihang University
*Contact email: linying@act.buaa.edu.cn, libo@act.buaa.edu.cn

Abstract

Anomalies in networks are complicated and fast-changing, and they pose serious threats to network security. In an intrusion detection system (IDS), achieving a high detection rate and a low false alarm rate is an essential requirement. Furthermore, faced with the explosive growth of network data, rapid recognition counts for as much as accuracy. In this paper, we propose a two-stage cascading model, named WebAD, for detecting web attacks. WebAD applies machine learning techniques to detect anomalous behaviors. However, unlike traditional approaches, WebAD divides the machine learning process into two stages. In the first stage, partial but key features are selected for training and detection to accelerate the detection speed. The intermediate results are passed to the second stage, where all features are applied to refine the detection results and thereby improve the accuracy of the model. We conduct comprehensive experiments to evaluate the effectiveness and efficiency of WebAD. The results show that WebAD could significantly improve the model efficiency without sacrificing the detection accuracy. The processing speed is reduced by up to more than 70% on average, with an accuracy decrease of less than 1%. Moreover, the performance results on NSL-KDD also verify that WebAD could be used universally to detect network flow traffic.