Download to read offline
![Venkat Java Projects
Mobile:+91 9966499110 Visit:www.venkatjavaprojects.com
Email:venkatjavaprojects@gmail.com
MACHINE LEARNING TECHNIQUES APPLIED TO DETECT CYBER
ATTACKS ON WEB APPLICATIONS
Abstract:
The increased usage of cloud services, growing number of web applications users, changes in
network infrastructure that connects devices running mobile operating systems and constantly
evolving network technology cause novel challenges for cyber security. As a result, to counter
arising threats, network security mechanisms, sensors and protection schemes also have to
evolve, to address the needs and problems of the users. In this article, we focus on countering
emerging application layer cyber attacks since those are listed as top threats and the main
challenge for network and cyber security. The major contribution of the article is the
proposition of machine learning approach to model normal behaviour of application and to
detect cyber attacks. The model consists of patterns (in form of Perl Compatible Regular
Expressions (PCRE) regular expressions) that are obtained using graph-based segmentation
technique and dynamic programming. The model is based on information obtained from HTTP
requests generated by client to a web server. We have evaluated our method on CSIC 2010
HTTP Dataset achieving satisfactory results.
Keywords: Cyber attacks detection, cyber security, application layer, anomaly detection.
Existing System:
Recently machine learning-based algorithms have been used for developing signatures that will
efficiently identify both the code and behaviour of the malicious code. The Network-based
Signature Generation (NSG) [6], Length-based Signature Generation (LSEG) [7] and F-Sign [8]
are the examples of algorithms designed for automated and fast extraction of signatures of
polymorphic worms. The LESG algorithm targets those worms that use buffer overflow attack
to infect victims, whereas the F-Sign extracts the signature on a basis of the code of a worm
(such signature can be used to detect and stop the worm from spreading). In literature there
are also algorithms such as SA (Semantic Aware [9]) that are designed to generate the
signatures of malicious software on a basis of the network traffic they generate. Such solutions
can even properly identify malicious behaviour when the traffic is noise-like.](https://image.slidesharecdn.com/machinelearningtechniquesappliedtodetectcyberattacksonwebapplications-210304104254/75/Machine-learning-techniques-applied-to-detect-cyber-attacks-on-web-applications-1-2048.jpg)
![Venkat Java Projects
Mobile:+91 9966499110 Visit:www.venkatjavaprojects.com
Email:venkatjavaprojects@gmail.com
There are different supervised anomaly-based solutions adapting a wide range of machine
learning approaches for network attack detection. The majority of solutions typically have two
phases of attack detection, namely feature vector extraction and algorithm learning phase. For
example in [18], the authors adapted information theory for cyber attack detection. Entropy
and information gain are used as the metric. To detect the anomalies the linear classifier was
used. In [19] the authors used k-NN classifier and operating system events (e.g. the number of
opened processes, system calls, etc.) to detect anomalous behaviour of applications. In [20],
the authors used k-NN classifier and metrics similar to KDD Cup’99 dataset to detect SYN
Flooding, U2R (unauthorized access to local super user) and R2L (remote-to-local) attacks.
Combined classifiers and nueral nets for spam detection were used in [21]. In [22], the authors
adapted a statistical approach for Denial of Service (DoS) attack detection. Upon the feature
vectors, which included a number of User Datagram Protocol (UDP) and Transmission Control
Protocol (TCP) packets and their sizes, the authors trained the Naive Bayes classifier. Discrete
Wavelet Transform and Matching Pursuit have been also successfully applied to calculate
features on the basis of various network parameters
Proposed System:
The proposed method adapts machine learning paradigm. During the learning phase the
labelled data is required to establish the model parameters of the normal application
behaviour.
We propose to use a graph-based approach to build a set of regular expressions that model the
normal HTTP requests sent by client to the web application](https://image.slidesharecdn.com/machinelearningtechniquesappliedtodetectcyberattacksonwebapplications-210304104254/75/Machine-learning-techniques-applied-to-detect-cyber-attacks-on-web-applications-2-2048.jpg)
Uploaded byVenkat Projects
Machine learning techniques applied to detect cyber attacks on web applications
This document discusses using machine learning techniques to detect cyber attacks on web applications. It proposes using a graph-based approach and regular expressions to model normal HTTP request behavior during a learning phase. This would establish a baseline for detecting anomalies and potential attacks. Existing approaches are also reviewed that use algorithms like NSG, LSEG and F-Sign to generate signatures for detecting malware based on network traffic patterns or software code. Supervised machine learning methods have also been applied using features extracted from network data and classifiers like k-NN, Naive Bayes and neural networks. The proposed system would adapt this machine learning paradigm to specifically detect attacks on web applications.
More Related Content
Similar to Machine learning techniques applied to detect cyber attacks on web applications
More from Venkat Projects
Machine learning techniques applied to detect cyber attacks on web applications
- 1. Venkat Java Projects Mobile:+919966499110 Visit:www.venkatjavaprojects.com Email:venkatjavaprojects@gmail.com MACHINE LEARNING TECHNIQUES APPLIED TO DETECT CYBER ATTACKS ON WEB APPLICATIONS Abstract: The increased usage of cloud services, growing number of web applications users, changes in network infrastructure that connects devices running mobile operating systems and constantly evolving network technology cause novel challenges for cyber security. As a result, to counter arising threats, network security mechanisms, sensors and protection schemes also have to evolve, to address the needs and problems of the users. In this article, we focus on countering emerging application layer cyber attacks since those are listed as top threats and the main challenge for network and cyber security. The major contribution of the article is the proposition of machine learning approach to model normal behaviour of application and to detect cyber attacks. The model consists of patterns (in form of Perl Compatible Regular Expressions (PCRE) regular expressions) that are obtained using graph-based segmentation technique and dynamic programming. The model is based on information obtained from HTTP requests generated by client to a web server. We have evaluated our method on CSIC 2010 HTTP Dataset achieving satisfactory results. Keywords: Cyber attacks detection, cyber security, application layer, anomaly detection. Existing System: Recently machine learning-based algorithms have been used for developing signatures that will efficiently identify both the code and behaviour of the malicious code. The Network-based Signature Generation (NSG) [6], Length-based Signature Generation (LSEG) [7] and F-Sign [8] are the examples of algorithms designed for automated and fast extraction of signatures of polymorphic worms. The LESG algorithm targets those worms that use buffer overflow attack to infect victims, whereas the F-Sign extracts the signature on a basis of the code of a worm (such signature can be used to detect and stop the worm from spreading). In literature there are also algorithms such as SA (Semantic Aware [9]) that are designed to generate the signatures of malicious software on a basis of the network traffic they generate. Such solutions can even properly identify malicious behaviour when the traffic is noise-like.
- 2. Venkat Java Projects Mobile:+919966499110 Visit:www.venkatjavaprojects.com Email:venkatjavaprojects@gmail.com There are different supervised anomaly-based solutions adapting a wide range of machine learning approaches for network attack detection. The majority of solutions typically have two phases of attack detection, namely feature vector extraction and algorithm learning phase. For example in [18], the authors adapted information theory for cyber attack detection. Entropy and information gain are used as the metric. To detect the anomalies the linear classifier was used. In [19] the authors used k-NN classifier and operating system events (e.g. the number of opened processes, system calls, etc.) to detect anomalous behaviour of applications. In [20], the authors used k-NN classifier and metrics similar to KDD Cup’99 dataset to detect SYN Flooding, U2R (unauthorized access to local super user) and R2L (remote-to-local) attacks. Combined classifiers and nueral nets for spam detection were used in [21]. In [22], the authors adapted a statistical approach for Denial of Service (DoS) attack detection. Upon the feature vectors, which included a number of User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) packets and their sizes, the authors trained the Naive Bayes classifier. Discrete Wavelet Transform and Matching Pursuit have been also successfully applied to calculate features on the basis of various network parameters Proposed System: The proposed method adapts machine learning paradigm. During the learning phase the labelled data is required to establish the model parameters of the normal application behaviour. We propose to use a graph-based approach to build a set of regular expressions that model the normal HTTP requests sent by client to the web application