Abstract
Feature selection for filtering HTTP-traffic in Web application firewalls (WAFs) is an important task. We focus on the Generic-Feature-Selection (GeFS) measure [4], which was successfully tested on low-level package filters, i.e., the KDD CUP’99 dataset. However, the performance of the GeFS measure in analyzing high-level HTTP-traffic is still unknown. In this paper we study the GeFS measure for WAFs. We conduct experiments on the publicly available ECML/PKDD-2007 dataset. Since this dataset does not target any real Web application, we additionally generate our new CSIC-2010 dataset. We analyze the statistical properties of both two datasets to provide more insides of their nature and quality. Subsequently, we determine appropriate instances of the GeFS measure for feature selection. We use different classifiers to test the detection accuracies. The experiments show that we can remove 63% of irrelevant and redundant features from the original dataset, while reducing only 0.12% the detection accuracy of WAFs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. John Wiley & Sons, USA (2001)
Guyon, I., Gunn, S., Nikravesh, M., Zadeh, L.A.: Feature Extraction: Foundations and Applications. Series Studies in Fuzziness and Soft Computing. Springer, Heidelberg (2005)
Liu, H., Motoda, H.: Computational Methods of Feature Selection. Chapman & Hall/CRC, Boca Raton (2008)
Nguyen, H., Franke, K., Petrović, S.: Towards a Generic Feature-Selection Measure for Intrusion Detection. In: 20th International Conference on Pattern Recognition, Istanbul, Turkey, pp. 1529–1532 (August 2010)
Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G.: A Self-Learning Anomaly-Based Web Application Firewall. In: Proceedings of Computational Intelligence In Security For Information Systems (CISIS 2009), pp. 85–92 (2009)
Rassi, C., Brissaud, J., Dray, G., Poncelet, P., Roche, M., Teisseire, M.: Web Analyzing Traffic Challenge: Description and Results. In: Proceedings of the Discovery Challenge ECML/PKDD 2007, pp. 47–52 (2007)
McHugh, J.: Testing Intrusion Detection Systems: Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. Proc. ACM Transactions on Information and System Security (TISSEC) 3(4), 262–294 (2000)
Becher, M.: Web Application Firewalls. VDM Verlag Dr. Mueller e.K. (February 1, 2007); ISBN-10: 383640446X, ISBN-13: 978-3836404464
Lee, W.: A data mining framework for building intrusion detection models. In: IEEE Symposium on Security and Privacy, Berkeley, California, pp. 120–132 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrović, S., Franke, K. (2011). Application of the Generic Feature Selection Measure in Detection of Web Attacks. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-21323-6_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21322-9
Online ISBN: 978-3-642-21323-6
eBook Packages: Computer ScienceComputer Science (R0)