• DocumentCode
    3496769
  • Title

    Modeling Unknown Web Attacks in Network Anomaly Detection

  • Author

    Guangmin, Liang

  • Author_Institution
    Comput. Eng. Dept., Shenzhen Polytech., Shenzhen
  • Volume
    2
  • fYear
    2008
  • fDate
    11-13 Nov. 2008
  • Firstpage
    112
  • Lastpage
    116
  • Abstract
    Because unknown Web attacks can hardly be detected and an early warning and response mechanism cannot be established, many intrusion detection systems (IDSs) are effective only in detecting known Web attacks and cannot evaluate the risk of Web service. In order to overcome these limitations, and inspired by immune principles, this paper presents an immune-based active defense model for Web attacks that is based on clone selection and hyper-mutation. Therefore, the immune learning algorithm and the attack detection mechanism are given. The risk of Web attacks is quantitatively analyzed based on the relationship between the antibody concentration and the state of an illness in the biological immune system (BIS). Theoretical analysis and experimental evaluation demonstrate that the model is more suitable for detecting unknown attacks, and provides an active defense mechanism for detecting network anomalies.
  • Keywords
    Web services; learning (artificial intelligence); security of data; Web service; attack detection mechanism; biological immune system; clone selection; early warning mechanism; hyper mutation; immune learning algorithm; immune-based active defense model; intrusion detection system; network anomaly detection; response mechanism; unknown Web attacks; Biological system modeling; Cloning; Computer networks; Immune system; Information technology; Intrusion detection; Performance analysis; Risk analysis; Web server; Web services;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Convergence and Hybrid Information Technology, 2008. ICCIT '08. Third International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3407-7
  • Type

    conf

  • DOI
    10.1109/ICCIT.2008.151
  • Filename
    4682223