Mahalanobis Distance Map Approach for Anomaly Detection of Web-Based Attacks

Publisher:
Secau - Security Research Centre
Publication Type:
Journal Article
Citation:
Journal of Network Forensics, 2011, 2 (2), pp. 25 - 39
Issue Date:
2011-01
Full metadata record
Files in This Item:
Filename Description Size
Mahalanobis Distance Map Approach for Anomaly Detection.pdfPublished Version422.05 kB
Adobe PDF
Web serverss and web-based applications are commonly used attack targets. The main issue are how to prevent unauthorized access and to protect web server from the attack. Intrusion Detection Systems and networks. This paper focuses on the detection of various web-based attacks using Geometrical Structure Anomaly Detectin (GSAD) model. Further, a novel algorithm is proposed using Linear Discriminant Analysis (LDA) for the selection of most discriminating features to reduce the computational complexity of payload-based GSAD model. GSAD model is based on a pattern recognition technique used in image payload features to calculate the difference between normal and abnormal network traffice. GSAD model is evaluated experimentally on the real attacks (GATECH) dataset and on the DARPA 1999 dataset.
Please use this identifier to cite or link to this item: