Abstract
Decision tree learning algorithms have been successfully used in knowledge discovery. They use induction to classify objects in terms of their attributes, inferring decision tree rules. This paper reports on the application of ID3 to Web attack detection. Even though simple, ID3 is sufficient to tell apart a number of Web attacks, including a large proportion of their variants. It also surpasses existing methods: it achieves a higher true-positive detection rate and a lower false-positive one. The IDS outputs classification rules that are easy to read, so computer officers are more likely to grasp the root of an attack, as well as to extend the capabilities of the classifier.
We are grateful to the anonymous referees for their useful comments on an earlier draft of this paper. This research was supported by three grants: FRIDA, CONACYT 47557 and ITESM CCEM-0302-05.
Keywords
- Intrusion Detection
- Intrusion Detection System
- Uniform Resource Locator
- Directory Traversal
- Code Injection
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
García, V.H., Monroy, R., Quintana, M. (2006). Web Attack Detection Using ID3. In: Debenham, J. (eds) Professional Practice in Artificial Intelligence. IFIP WCC TC12 2006. IFIP International Federation for Information Processing, vol 218. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34749-3_34
DOI: https://doi.org/10.1007/978-0-387-34749-3_34
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-34655-7
Online ISBN: 978-0-387-34749-3
eBook Packages: Computer Science, Computer Science (R0)