Abstract
Select from the best features in a complex dataset that is a critical task for machine learning algorithms. This work presents a comparative analysis between two resource selection techniques: Minimum Redundancy Maximum Relevance (mRMR) and Permutation Feature Important (PFI). The application of PFI to the dataset in issue is unusual. The dataset used in the experiments is HTTP CSIC 2010, which shows great results with the mRMR observed in a related work [22]. Our PFI tests resulted in a selection of features best suited for machine learning methods and the best results for an accuracy of 97% with logistic regression and Bayes Point Machine, 98% with Support Vector Machine, and 99.9% using an artificial neural network.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alrawashdeh, K.: Toward a hardware-assisted online intrusion detection system based on deep learning algorithms for resource-limited embedded systems. Doctoral dissertation, University of Cincinnati (2018)
Alrawashdeh, K., Purdy, C.: Reducing calculation requirements in FPGA implementation of deep learning algorithms for online anomaly intrusion detection. In: IEEE National Aerospace and Electronics Conference, pp. 57–62. IEEE (2017)
Altmann, A., Tolosi, L., Sander, O., Lengauer, T.: Permutation importance: a corrected feature importance measure. Bioinformatics 26(10), 1340–1347 (2010)
Barga, R., Fontama, V., Tok, W.H., Cabrera-Cordon, L.: Predictive Analytics with Microsoft Azure Machine Learning. Apress, Berkely (2015)
Bleik, S.: Permutation Feature Importance. https://blogs.technet.microsoft.com/machinelearning/2015/04/14/permutation-feature-importance. Accessed 3 Dec 2019
Chapaneri, R., Shah, S.: A comprehensive survey of machine learning-based network intrusion detection. In: Satapathy, S.C., Bhateja, V., Das, S. (eds.) Smart Intelligent Computing and Applications. SIST, vol. 104, pp. 345–356. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-1921-1_35
Etaati, L.: Azure machine learning studio. In: Machine Learning with Microsoft Technologies, pp. 201–223. Apress, Berkeley (2019)
Giménez, C.T., Villegas, A.P., Marañón, G.Á.: HTTP data set CSIC 2010. Information Security Institute of CSIC, Spanish Research National Council (2010)
Go, W., Lee, D.: Toward trustworthy deep learning in security. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 2219–2221. ACM (2018)
Han, E.: Analyzing and classifying web application attacks. Int. J. Adv. Electron. Comput. Sci. 2(4) (2015)
Kaur, S., Singh, M.G.: Network Security Model for Attack Signature Generation, Tracking and Analysis. Doctoral dissertation (2015)
Kozik, R., Choraś, M., Renk, R., Hołubowicz, W.: A proposal of algorithm for web applications cyber attack detection. In: Saeed, K., Snášel, V. (eds.) CISIM 2014. LNCS, vol. 8838, pp. 680–687. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45237-0_61
Maini, R., Bvducoep, P., Pandey, R., Kumar, R., Gupta, R.: Automated web vulnerability scanner. Int. J. Eng. Appl. Sci. Technol. 4(1), 132–136 (2019). ISSN 2455-2143
Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrović, S., Franke, K.: Application of the generic feature selection measure in detection of web attacks. In: Herrero, Á., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 25–32. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21323-6_4
Owasp Foundation: OWASP Top 10 Application Security Risks 2017. https://www.owasp.org/index.php/Top_10-2017_Top_10. Accessed 1 Dec 2019
Parthy, P.P., Rajendran, G.: Identification and prevention of social engineering attacks on an enterprise. In: 2019 International Carnahan Conference on Security Technology (ICCST), pp. 1–5. IEEE (2019)
Perez-Villegas, A., Torrano-Gimenez, C., Alvarez, G.: Applying Markov chains to web intrusion detection. In: Proceedings of Reunión Espanola sobre Criptología y Seguridad de la Información (RECSI 2010), pp. 361–366 (2010)
Radovic, M., Ghalwash, M., Filipovic, N., Obradovic, Z.: Minimum redundancy maximum relevance feature selection approach for temporal gene expression data. BMC Bioinformatics 18(1), 9 (2017)
Masud Rana, Md., Ahmed, K.: Feature selection and biomedical signal classification using minimum redundancy maximum relevance and artificial neural network. In: Uddin, M.S., Bansal, J.C. (eds.) Proceedings of International Joint Conference on Computational Intelligence. AIS, pp. 207–214. Springer, Singapore (2020). https://doi.org/10.1007/978-981-13-7564-4_18
Ren, J., Zheng, Z., Liu, Q., Wei, Z., Yan, H.: A buffer overflow prediction approach based on software metrics and machine learning. Secur. Commun. Netw. (2019)
Rodríguez, G.E., Torres, J.G., Flores, P., Benavides, D.E.: Cross-site scripting (XSS) attacks and mitigation: a survey. Comput. Netw. 1666, 106960 (2019)
Smitha, R., Hareesha, K.S., Kundapur, P.P.: A machine learning approach for web intrusion detection: MAMLS perspective. In: Wang, J., Reddy, G.R.M., Prasad, V.K., Reddy, V.S. (eds.) Soft Computing and Signal Processing. AISC, vol. 900, pp. 119–133. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-3600-3_12
Symantec Internet Security Threat Report. https://www.symantec.com/content /dam/symantec/docs/reports/istr-24-2019-en.pdf. Accessed 30 Nov 2019
Torrano-Giménez, C., Perez-Villegas, A., Alvarez, G.: An anomaly-based approach for intrusion detection in web traffic (2010)
Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G.: A self-learning anomaly-based web application firewall. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds.) Computational Intelligence in Security for Information Systems. Advances in Intelligent and Soft Computing, vol. 63, pp. 85–92. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04091-7_11
Torrano-Gimenez, C., Péerez-Villegas, A., Álvarez, G., Fernández-Medina, E., Malek, M., Hernando, J.: An anomaly-based web application firewall. In: SECRYPT, pp. 23–28 (2009)
Torrano-Gimenez, C., Nguyen, H.T., Alvarez, G., Petrovic, S., Franke, K.: Applying feature selection to payload-based web application firewalls. In: International Workshop on Security and Communication Networks, pp. 75–81. IEEE (2011)
Wang, B., Gong, N.Z.: Stealing hyperparameters in machine learning. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 36–52. IEEE (2018)
Zhang, H., Zhao, B., Yuan, H., Zhao, J., Yan, X., Li, F.: SQL injection detection based on deep belief network. In: Proceedings of the 3rd International Conference on Computer Science and Application Engineering, p. 20. ACM (2019)
Acknowledgments
The authors are grateful to FAPESP grants #2017/22905-6, #2013/07375-0, #2014/12236-1, and #2019/07665-4, as well as CNPq grants #429003/2018-8, #307066/2017-7, and #427968/2018-6.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Lucas, T.J., Tojeiro, C.A.C., Pires, R.G., da Costa, K.A.P., Papa, J.P. (2020). Machine Learning for Web Intrusion Detection: A Comparative Analysis of Feature Selection Methods mRMR and PFI. In: Rutkowski, L., Scherer, R., Korytkowski, M., Pedrycz, W., Tadeusiewicz, R., Zurada, J.M. (eds) Artificial Intelligence and Soft Computing. ICAISC 2020. Lecture Notes in Computer Science(), vol 12415. Springer, Cham. https://doi.org/10.1007/978-3-030-61401-0_50
Download citation
DOI: https://doi.org/10.1007/978-3-030-61401-0_50
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61400-3
Online ISBN: 978-3-030-61401-0
eBook Packages: Computer ScienceComputer Science (R0)