Abstract
In this paper, we propose an anomaly-based approach to detect intrusion attempts that may target web services. These intrusions (or attacks) are modeled as outliers (or noise) within a principled probabilistic framework. The proposed framework is based on finite Gaussian mixtures and allows the detection of both previously seen and unknown attacks against web services. The main idea of our framework is to treat malicious requests as outliers within our finite mixture model. Using this idea, the intrusion detection problem is reduced to an adversarial classification problem. The merits of the proposed approach are shown using a data set containing both normal and intrusive requests, which were collected from a large real-life web service.
Acknowledgments.
The first author would like to thank King Abdulaziz City for Science and Technology (KACST), Kingdom of Saudi Arabia, for their funding support under grant number 11-INF1787-08.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Sallay, H., Bourouis, S., Bouguila, N. (2015). Web Service Intrusion Detection Using a Probabilistic Framework. In: Selvaraj, H., Zydek, D., Chmaj, G. (eds) Progress in Systems Engineering. Advances in Intelligent Systems and Computing, vol 366. Springer, Cham. https://doi.org/10.1007/978-3-319-08422-0_24
DOI: https://doi.org/10.1007/978-3-319-08422-0_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08421-3
Online ISBN: 978-3-319-08422-0
eBook Packages: Engineering (R0)