Web intrusion detection system combined with feature analysis and SVM optimization

• Main Authors: Chao Liu, Jing Yang, Jinqiu Wu
• Format: Article
• Language: English
• Published: SpringerOpen 2020-02-01
• Series: EURASIP Journal on Wireless Communications and Networking
• Subjects: Hidden Markov model; Protocol analysis; Support vector machine; Grid search
• Online Access: https://doi.org/10.1186/s13638-019-1591-1

Abstract The current network traffic is large, and the network attacks have multiple types. Therefore, anomaly detection model combined with machine learning is developing rapidly. Frequent occurrences of Web Application Firewall (WAF) bypass attacks and the redundancy of the data characteristics in Hypertext Transfer Protocol (HTTP) protocol make it difficult to extract data characteristics. In this paper, an integrated web intrusion detection system combined with feature analysis and support vector machine (SVM) optimization is proposed. By using expert’s knowledge, the characteristics of the common Web attacks are analyzed. The related data characteristics are selected by the analysis of the HTTP protocol. In the classification learning, the mature and robust support vector machine algorithm is utilized and the grid search method is used for the parameter optimization. Consequently, a better detection capability on Web attacks can be obtained. By using the HTTP DATASET CSIC 2010 data set, experiments have been carried out to compare the detection capability of different kernel functions. The results show that the proposed system performs good in the detection capability and can detect the WAF bypass attacks effectively.