Abstract
Machine learning plays an important part in detecting web attacks. However, it exhibits a high false alarm rate due to the lack of labeled data. Humans perform better than machines at attack recognition, but suffer from low bandwidth. In this paper, we adopt a collaborative detection model, based on machine learning augmented with human interaction, to detect web attacks. We leverage human knowledge to continuously optimize the detection model and make machines smarter against fast-changing web attacks. To eliminate the human bottleneck, we design a selection mechanism that recommends the most suspicious anomalous behaviors to humans so they can correct the machine's false decisions. In addition, we define a human involvement ratio, k, to represent how much effort humans contribute to the collaborative detection model. By tuning k, model accuracy and human workload can be effectively balanced. We conduct several comprehensive experiments to evaluate the effectiveness of our model using real-life datasets. The results demonstrate that our approach can significantly improve detection accuracy compared with traditional machine learning approaches.
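The loop the abstract describes, as an added sketch that is not the paper's code: a machine scores requests, the top fraction k by suspicion goes to an analyst, and the analyst's verdicts both override the machine and refit its threshold. The metacharacter-count score, the threshold model, the refit rule, the reading of k as the fraction of events reviewed, and the EVENTS sample are all assumptions, since the abstract does not specify them.

```python
import math

METACHARS = set("'\"<>();")  # assumed feature: SQL/HTML metacharacters

# Constructed sample: (query string, label the analyst would assign)
EVENTS = [
    ("id=42", False),
    ("q=hello world", False),
    ("name=O'Brien", False),
    ("q=it's here", False),
    ("note=see (appendix)", False),
    ("id=1' OR '1'='1", True),
    ("id=1 UNION SELECT(password)FROM(users);", True),
    ("q=<script>alert(1)</script>", True),
]

def score(query):
    """Anomaly score: number of metacharacters in the query (hypothetical model)."""
    return sum(ch in METACHARS for ch in query)

def refit(threshold, labeled):
    """Threshold with fewest errors on analyst-labeled items; ties stay closest to the current one."""
    top = max((s for s, _ in labeled), default=0) + 1
    def errors(t):
        return sum((s >= t) != y for s, y in labeled)
    candidates = range(max(top, threshold) + 1)
    return min(candidates, key=lambda t: (errors(t), abs(t - threshold)))

def collaborative_round(events, k, threshold=1):
    """Return (accuracy, items reviewed by the analyst, refitted threshold)."""
    scored = [(score(q), y) for q, y in events]
    # Selection mechanism: most suspicious first (stable for equal scores).
    order = sorted(range(len(scored)), key=lambda i: -scored[i][0])
    reviewed = order[:math.ceil(k * len(scored))]
    new_t = refit(threshold, [scored[i] for i in reviewed])
    correct = len(reviewed)  # the analyst's verdict overrides the machine
    correct += sum((scored[i][0] >= new_t) == scored[i][1]
                   for i in order[len(reviewed):])
    return correct / len(scored), len(reviewed), new_t

if __name__ == "__main__":
    for k in (0.0, 0.25, 0.5, 1.0):
        print(k, collaborative_round(EVENTS, k))
```

On this sample, reviewing half the events reaches the same accuracy as reviewing all of them, because the first benign item the analyst sees is enough to move the threshold past the remaining false positives.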
Acknowledgement
The authors gratefully acknowledge the anonymous reviewers for their helpful suggestions. This work is supported by the China 863 program (No. 2015AA01A202) and a project of the Telecommunication Company of State Grid Zhejiang Electric Power Company (5211XT16000A).
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Hu, Y., Li, B., Ye, W., Yuan, G. (2018). A Human-Machine Collaborative Detection Model for Identifying Web Attacks. In: Romdhani, I., Shu, L., Takahiro, H., Zhou, Z., Gordon, T., Zeng, D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 252. Springer, Cham. https://doi.org/10.1007/978-3-030-00916-8_11
DOI: https://doi.org/10.1007/978-3-030-00916-8_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00915-1
Online ISBN: 978-3-030-00916-8
eBook Packages: Computer Science, Computer Science (R0)