A LogitBoost-based Algorithm for Detecting Known and Unknown Web Attacks

Muhammad Hilmi Kamarudin, Carsten Maple, Tim Watson, Nader Sohrabi Safa

Research output: Contribution to journal › Article

9 Citations (Scopus)
4 Downloads (Pure)

Abstract

The rapid growth in the volume and importance of web communication throughout the Internet has heightened the need for better security protection. Security experts, when protecting systems, maintain a database featuring signatures of a large number of attacks to assist with attack detection. However, used in isolation, this can limit the capability of the system as it is only able to recognise known attacks. To overcome the problem, we propose an anomaly-based intrusion detection system using an ensemble classification approach to detect unknown attacks on web servers. The process involves removing irrelevant and redundant features utilising a filter and wrapper selection procedure. LogitBoost (LB) is then employed together with Random Forests (RF) as a weak classifier. The proposed ensemble technique was evaluated with some artificial datasets, namely NSL-KDD, an improved version of the old KDD Cup from 1999, and the recently published UNSW-NB15 dataset. The experimental results show that our approach demonstrates superiority, in terms of accuracy and detection rate, over the traditional approaches, whilst preserving low false rejection rates.
Original language: English
Pages (from-to): 26190 - 26200
Number of pages: 11
Journal: IEEE Access
Volume: 5
DOI: 10.1109/ACCESS.2017.2766844
Publication status: Published - 3 Nov 2017
Externally published: Yes

Fingerprint

Intrusion detection
Classifiers
Servers
Internet
Communication

Cite this

A LogitBoost-based Algorithm for Detecting Known and Unknown Web Attacks. / Kamarudin, Muhammad Hilmi; Maple, Carsten; Watson, Tim; Sohrabi Safa, Nader.

In: IEEE Access, Vol. 5, 03.11.2017, p. 26190 - 26200.

Kamarudin, Muhammad Hilmi ; Maple, Carsten ; Watson, Tim ; Sohrabi Safa, Nader. / A LogitBoost-based Algorithm for Detecting Known and Unknown Web Attacks. In: IEEE Access. 2017 ; Vol. 5. pp. 26190 - 26200.
@article{478a9d72c2604635a22dcdd13bc586c0,
title = "A LogitBoost-based Algorithm for Detecting Known and Unknown Web Attacks",
author = "Kamarudin, {Muhammad Hilmi} and Carsten Maple and Tim Watson and {Sohrabi Safa}, Nader",
year = "2017",
month = "11",
day = "3",
doi = "10.1109/ACCESS.2017.2766844",
language = "English",
volume = "5",
pages = "26190 -- 26200",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "IEEE",

}

TY - JOUR

T1 - A LogitBoost-based Algorithm for Detecting Known and Unknown Web Attacks

AU - Kamarudin, Muhammad Hilmi

AU - Maple, Carsten

AU - Watson, Tim

AU - Sohrabi Safa, Nader

PY - 2017/11/3

Y1 - 2017/11/3

U2 - 10.1109/ACCESS.2017.2766844

DO - 10.1109/ACCESS.2017.2766844

M3 - Article

VL - 5

SP - 26190

EP - 26200

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

ER -