Mahalanobis Distance Map approach for Anomaly Detection of web-based attacks

Jamdagni, A; Tan, Z; Nanda, P; He, X; Liu, RP

Mahalanobis Distance Map approach for Anomaly Detection of web-based attacks

Jamdagni, A Tan, Z Nanda, P

He, X

Liu, RP

Permalink

Publication Type:: Conference Proceeding
Citation:: Proceedings of the 8th Australian Information Security Management Conference, 2010, pp. 8 - 17
Issue Date:: 2010-12-01

Closed Access

	Filename	Description	Size
	2009008276OK.pdf		995.86 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Jamdagni, A	en_US
dc.contributor.author	Tan, Z	en_US
dc.contributor.author	Nanda, P https://orcid.org/0000-0002-5748-155X	en_US
dc.contributor.author	He, X https://orcid.org/0000-0001-8962-540X	en_US
dc.contributor.author	Liu, RP https://orcid.org/0000-0001-7001-6305	en_US
dc.date.issued	2010-12-01	en_US
dc.identifier.citation	Proceedings of the 8th Australian Information Security Management Conference, 2010, pp. 8 - 17	en_US
dc.identifier.isbn	9780729806886	en_US
dc.identifier.uri	http://hdl.handle.net/10453/16215
dc.description.abstract	Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and to protect web servers from the attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using Geometrical Structure Anomaly Detection (GSAD) model and we also propose a novel algorithm for the selection of most discriminating features to improve the computational complexity of payload-based GSAD model. Linear Discriminant method (LDA) is used for the feature reduction and classification of the incoming network traffic. GSAD model is based on a pattern recognition technique used in image processing. It analyses the correlations between various payload features and uses Mahalanobis Distance Map (MDM) to calculate the difference between normal and abnormal network traffic. We focus on the detection of generic attacks, shell code attacks, polymorphic attacks and polymorphic blending attacks. We evaluate accuracy of GSAD model experimentally on the real-world attacks dataset created at Georgia Institute of Technology. We conducted preliminary experiments on the DARPA 99 dataset to evaluate the accuracy of feature reduction.	en_US
dc.relation.ispartof	Proceedings of the 8th Australian Information Security Management Conference	en_US
dc.title	Mahalanobis Distance Map approach for Anomaly Detection of web-based attacks	en_US
dc.type	Conference Proceeding
utslib.for	080303 Computer System Security	en_US
dc.location.activity	Perth, Western Australia	en_US
dc.location.activity	ISI:000276262500077
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney/Strength - CRIN - Realtime Information Networks
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
pubs.organisational-group	/University of Technology Sydney/Strength - INEXT - Innovation in IT Services and Applications
utslib.copyright.status	closed_access
pubs.publication-status	Published	en_US

Abstract:

Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and to protect web servers from the attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using Geometrical Structure Anomaly Detection (GSAD) model and we also propose a novel algorithm for the selection of most discriminating features to improve the computational complexity of payload-based GSAD model. Linear Discriminant method (LDA) is used for the feature reduction and classification of the incoming network traffic. GSAD model is based on a pattern recognition technique used in image processing. It analyses the correlations between various payload features and uses Mahalanobis Distance Map (MDM) to calculate the difference between normal and abnormal network traffic. We focus on the detection of generic attacks, shell code attacks, polymorphic attacks and polymorphic blending attacks. We evaluate accuracy of GSAD model experimentally on the real-world attacks dataset created at Georgia Institute of Technology. We conducted preliminary experiments on the DARPA 99 dataset to evaluate the accuracy of feature reduction.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/16215