High-speed web attack detection through extracting exemplars from HTTP traffic

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Scopus citations

Abstract

In this work, we propose an effective method for high-speed web attack detection by extracting exemplars from HTTP traffic before the detection model is built. The smaller set of exemplars keeps valuable information of the original traffic while it significantly reduces the size of the traffic so that the detection remains effective and improves the detection efficiency. The Affinity Propagation (AP) is employed to extract the exemplars from the HTTP traffic. K-Nearest Neighbor(K-NN) and one class Support Vector Machine (SVM) are used for anomaly detection. To facilitate comparison, we also employ information gain to select key attributes (a.k.a. features) from the HTTP traffic for web attack detection. Two large real HTTP traffic are used to validate our methods. The extensive test results show that the AP based exemplar extraction significantly improves the real-time performance of the detection compared to using all the HTTP traffic and achieves a more robust detection performance than information gain based attribute selection for web attack detection. © 2011 ACM.
Original languageEnglish (US)
Title of host publicationProceedings of the 2011 ACM Symposium on Applied Computing - SAC '11
PublisherAssociation for Computing Machinery (ACM)
Pages1538-1543
Number of pages6
ISBN (Print)9781450301138
DOIs
StatePublished - 2011

Fingerprint Dive into the research topics of 'High-speed web attack detection through extracting exemplars from HTTP traffic'. Together they form a unique fingerprint.

Cite this