Web intrusion detection system combined with feature analysis and SVM optimization
Abstract The current network traffic is large, and the network attacks have multiple types. Therefore, anomaly detection model combined with machine learning is developing rapidly. Frequent occurrences of Web Application Firewall (WAF) bypass attacks and the redundancy of the data characteristics in...
| Main Authors: | Chao Liu, Jing Yang, Jinqiu Wu |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | SpringerOpen, 2020-02-01 |
| Series: | EURASIP Journal on Wireless Communications and Networking |
| Subjects: | Hidden Markov model; Protocol analysis; Support vector machine; Grid search |
| Online Access: | https://doi.org/10.1186/s13638-019-1591-1 |
id |
doaj-f1e131d33a854eaaa3585b49a2bcf5de |
---|---|
record_format |
Article |
spelling |
doaj-f1e131d33a854eaaa3585b49a2bcf5de; 2021-02-07T12:30:20Z; eng; SpringerOpen; EURASIP Journal on Wireless Communications and Networking; 1687-1499; 2020-02-01; 2020119; 10.1186/s13638-019-1591-1; Web intrusion detection system combined with feature analysis and SVM optimization; Chao Liu0; Jing Yang1; Jinqiu Wu2; Harbin Engineering University; Harbin Engineering University; Harbin Engineering University; Abstract The current network traffic is large, and the network attacks have multiple types. Therefore, anomaly detection model combined with machine learning is developing rapidly. Frequent occurrences of Web Application Firewall (WAF) bypass attacks and the redundancy of the data characteristics in Hypertext Transfer Protocol (HTTP) protocol make it difficult to extract data characteristics. In this paper, an integrated web intrusion detection system combined with feature analysis and support vector machine (SVM) optimization is proposed. By using expert’s knowledge, the characteristics of the common Web attacks are analyzed. The related data characteristics are selected by the analysis of the HTTP protocol. In the classification learning, the mature and robust support vector machine algorithm is utilized and the grid search method is used for the parameter optimization. Consequently, a better detection capability on Web attacks can be obtained. By using the HTTP DATASET CSIC 2010 data set, experiments have been carried out to compare the detection capability of different kernel functions. The results show that the proposed system performs good in the detection capability and can detect the WAF bypass attacks effectively.; https://doi.org/10.1186/s13638-019-1591-1; Hidden Markov model; Protocol analysis; Support vector machine; Grid search |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Chao Liu Jing Yang Jinqiu Wu |
title |
Web intrusion detection system combined with feature analysis and SVM optimization |
publisher |
SpringerOpen |
series |
EURASIP Journal on Wireless Communications and Networking |
issn |
1687-1499 |
publishDate |
2020-02-01 |
description |
Abstract The current network traffic is large, and the network attacks have multiple types. Therefore, anomaly detection model combined with machine learning is developing rapidly. Frequent occurrences of Web Application Firewall (WAF) bypass attacks and the redundancy of the data characteristics in Hypertext Transfer Protocol (HTTP) protocol make it difficult to extract data characteristics. In this paper, an integrated web intrusion detection system combined with feature analysis and support vector machine (SVM) optimization is proposed. By using expert’s knowledge, the characteristics of the common Web attacks are analyzed. The related data characteristics are selected by the analysis of the HTTP protocol. In the classification learning, the mature and robust support vector machine algorithm is utilized and the grid search method is used for the parameter optimization. Consequently, a better detection capability on Web attacks can be obtained. By using the HTTP DATASET CSIC 2010 data set, experiments have been carried out to compare the detection capability of different kernel functions. The results show that the proposed system performs good in the detection capability and can detect the WAF bypass attacks effectively. |
topic |
Hidden Markov model Protocol analysis Support vector machine Grid search |
url |
https://doi.org/10.1186/s13638-019-1591-1 |