Mahalanobis Distance Map approach for Anomaly Detection of web-based attacks

Aruna Jamdagni*, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

1 Citation (Scopus)

Abstract

Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and how to protect web servers from attack. Intrusion Detection Systems (IDSs) are widely used security tools for detecting cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using the Geometrical Structure Anomaly Detection (GSAD) model, and we also propose a novel algorithm for selecting the most discriminating features to improve the computational complexity of the payload-based GSAD model. The Linear Discriminant method (LDA) is used for feature reduction and classification of the incoming network traffic. The GSAD model is based on a pattern recognition technique used in image processing. It analyses the correlations between various payload features and uses a Mahalanobis Distance Map (MDM) to calculate the difference between normal and abnormal network traffic. We focus on the detection of generic attacks, shell code attacks, polymorphic attacks and polymorphic blending attacks. We evaluate the accuracy of the GSAD model experimentally on the real-world attacks dataset created at Georgia Institute of Technology. We conducted preliminary experiments on the DARPA 99 dataset to evaluate the accuracy of feature reduction.

Original language: English
Title of host publication: Proceedings of the 8th Australian Information Security Management Conference
Place of Publication: Piscataway, NJ
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 8-17
Number of pages: 10
ISBN (Print): 9780729806886
Publication status: Published - 2010
Externally published: Yes
Event: 8th Australian Information Security Management Conference, AISM - Perth, WA, Australia
Duration: 30 Nov 2010 → 2 Dec 2010

Other

Other: 8th Australian Information Security Management Conference, AISM
Country: Australia
City: Perth, WA
Period: 30/11/10 → 2/12/10

Keywords

  • Anomaly detection
  • Feature selection
  • Internet security
  • Intrusion detection
  • Linear discriminant analysis

  • Cite this

    Jamdagni, A., Tan, Z., Nanda, P., He, X., & Liu, R. P. (2010). Mahalanobis Distance Map approach for Anomaly Detection of web-based attacks. In Proceedings of the 8th Australian Information Security Management Conference (pp. 8-17). Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE).