Abstract
Computational cost is one of the major concerns with commercial Intrusion Detection Systems (IDSs). Although these systems have proven promising in detecting network attacks, in the worst case they need to check all the signatures to identify a suspicious attack, which is time-consuming. This paper proposes an efficient two-tier IDS, which applies a statistical signature approach and a Linear Discriminant Method (LDM) for the detection of various Web-based attacks. The two-tier system converts a high-dimensional feature space into a low-dimensional feature space. It reduces the computational cost and integrates groups of signatures into an identical signature. The integration of signatures reduces the cost of attack identification. The final decision is made on the integrated low-dimensional feature space. Finally, the proposed two-tier system is evaluated using the DARPA 1999 IDS dataset for Web-based attack detection.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tan, Z. et al. (2010). A Two-Tier System for Web Attack Detection Using Linear Discriminant Method. In: Soriano, M., Qing, S., López, J. (eds) Information and Communications Security. ICICS 2010. Lecture Notes in Computer Science, vol 6476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17650-0_32
DOI: https://doi.org/10.1007/978-3-642-17650-0_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17649-4
Online ISBN: 978-3-642-17650-0
eBook Packages: Computer Science (R0)