Web Service Intrusion Detection Using a Probabilistic Framework

  • Conference paper
Progress in Systems Engineering

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 366)

Abstract

In this paper, we propose an anomaly-based approach to detect intrusion attempts that may target web services. These intrusions (or attacks) are modeled as outliers (or noise) within a principled probabilistic framework. The proposed framework is based on finite Gaussian mixtures and allows the detection of both previously seen and unknown attacks against web services. The main idea of our framework is to treat malicious requests as outliers within our finite mixture model. Using this idea, the intrusion detection problem is reduced to an adversarial classification problem. The merits of the proposed approach are shown using a data set containing both normal and intrusive requests, which were collected from a large real-life web service.

Acknowledgments.

The first author would like to thank King Abdulaziz City for Science and Technology (KACST), Kingdom of Saudi Arabia, for their funding support under grant number 11-INF1787-08.

Corresponding author

Correspondence to Hassen Sallay.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Sallay, H., Bourouis, S., Bouguila, N. (2015). Web Service Intrusion Detection Using a Probabilistic Framework. In: Selvaraj, H., Zydek, D., Chmaj, G. (eds) Progress in Systems Engineering. Advances in Intelligent Systems and Computing, vol 366. Springer, Cham. https://doi.org/10.1007/978-3-319-08422-0_24

  • DOI: https://doi.org/10.1007/978-3-319-08422-0_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08421-3

  • Online ISBN: 978-3-319-08422-0

  • eBook Packages: Engineering, Engineering (R0)
