Representation model of requests to Web resources, based on a vector space model and attributes of requests for HTTP protocol
DOI: https://doi.org/10.54654/isj.v10i2.65
Keywords: Computer attacks, Web resources, classification, machine learning, attributes, HTTP protocol.
Abstract: Recently, the number of incidents related to Web applications has increased, owing to the growth in the number of mobile device users, the development of the Internet of Things, the expansion of many services and, as a consequence, the expansion of possible computer attacks. Malicious programs can be used to collect information about users and their personal data, to gain access to Web resources, or to block them. The purpose of the study is to enhance the detection accuracy of computer attacks on Web applications. This work proposes a model for representing requests to Web resources, based on a vector space model and attributes of requests sent via the HTTP protocol. Previously conducted research allowed us to obtain an estimated detection accuracy of about 96% for Web applications, using the KDD 99 dataset, a vector-based query representation and a classifier based on a decision tree model.
Abstract (translated from the Vietnamese): In recent years, the number of incidents related to Web applications has tended to increase owing to the growth in the number of mobile device users, the development of the Internet and the expansion of many of its services. This in turn increases the likelihood of attacks on users' mobile devices as well as on computer systems. Malware is often used to collect information about users and sensitive personal data, to gain access to Web resources, or to sabotage those resources. The purpose of the study is to improve the accuracy of detecting computer attacks on Web applications. The paper presents a model for representing Web requests, based on a vector space model and the attributes of those requests using the HTTP protocol. Comparison with previously conducted studies allows us to estimate a detection accuracy of approximately 96% for Web applications when the KDD 99 dataset is used for training and attack detection, together with vector-space-based query representation and classification based on a decision tree model.