Mahalanobis Distance Map approach for anomaly detection of web-based attacks

Aruna Jamdagni, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu

    Research output: Contribution to journal › Article › peer-review

    Abstract

    Web servers and web-based applications are commonly used attack targets. The main issues are how to prevent unauthorized access and how to protect the web server from attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. This paper focuses on the detection of various web-based attacks using the Geometrical Structure Anomaly Detection (GSAD) model. Further, a novel algorithm is proposed using Linear Discriminant Analysis (LDA) for the selection of the most discriminating features to reduce the computational complexity of the payload-based GSAD model. The GSAD model is based on a pattern recognition technique used in image processing. The Mahalanobis Distance Map (MDM) uses the correlations between various payload features to calculate the difference between normal and abnormal network traffic. The GSAD model is evaluated experimentally on the real attacks (GATECH) dataset and on the DARPA 1999 dataset.
    Original language: English
    Pages (from-to): 25-39
    Number of pages: 15
    Journal: Journal of Network Forensics
    Volume: 2
    Issue number: 2
    Publication status: Published - 2010
