Title :
Fuzzy Detection of Malicious Attacks on Web Applications Based on Hidden Markov Model Ensemble
Author :
Geraily, Mohammad ; Jahan, Majid Vafaei
Abstract :
This paper represents a system, which detects malicious HTTP request and obtains the lowest false-positive rate with high detection rate. For this purpose, each extracted feature of a HTTP request is modeled by multiple hidden Markov models as a classifier ensemble. HMMs outputs of an ensemble are fused to product a probabilistic value that showing normalcy of corresponding feature. In this system, instead of a threshold, a fuzzy inference is applied to produce a flexible decision boundary. So, fuzzy sets and rules of decision module are formed manually, next, output of each HMM ensemble is converted to a fuzzy value with respect to fuzzy sets. Finally, a fuzzy inference engine uses these values to produce output that indicates whether the HTTP request is normal or abnormal. Experiments show that this approach is flexible and has acceptable accuracy in detecting requests close to the decision boundary, and false-positive rate is 0.79%.
Keywords :
Internet; fuzzy reasoning; fuzzy set theory; hidden Markov models; security of data; HMM; Web applications; fuzzy detection; fuzzy inference engine; fuzzy sets; fuzzy value; hidden Markov model ensemble; malicious HTTP request; malicious attacks; probabilistic value; Accuracy; Feature extraction; Fuzzy sets; Hidden Markov models; Security; Servers; Training; Detection rate; False positive rate; Fusion; Fuzzy inference; Hidden Markov model ensemble; Multiple classifier System; Soft boundary;
Conference_Titel :
Intelligent Systems, Modelling and Simulation (ISMS), 2012 Third International Conference on
Conference_Location :
Kota Kinabalu
Print_ISBN :
978-1-4673-0886-1
DOI :
10.1109/ISMS.2012.25
