U.S. Department of Energy
Office of Scientific and Technical Information

Classification of HTTP Attacks: A Study on the ECML/PKDD 2007 Discovery Challenge

Technical Report · DOI: https://doi.org/10.2172/1113394 · OSTI ID: 1113394
 [1];  [1]
  1. Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
As the world becomes more reliant on Web applications for commercial, financial, and medical transactions, cyber attacks on the World Wide Web are increasing in frequency and severity. Web applications provide an attractive alternative to traditional desktop applications due to their accessibility and ease of deployment. However, the accessibility of Web applications also makes them extremely vulnerable to attack. This inherent vulnerability is intensified by the distributed nature of Web applications and the complexity of configuring application servers. These factors have led to a proliferation of Web-based attacks, in which attackers surreptitiously inject code into HTTP requests, allowing them to execute arbitrary commands on remote systems and perform malicious activities such as reading, altering, or destroying sensitive data. One approach for dealing with HTTP-based attacks is to identify malicious code in incoming HTTP requests and eliminate bad requests before they are processed. Using machine learning techniques, we can build a classifier to automatically label requests as “Valid” or “Attack.” For this study, we develop a simple, but effective HTTP attack classifier, based on the vector space model used commonly for Information Retrieval. Our classifier not only separates attacks from valid requests, but can also identify specific attack types (e.g., “SQL Injection” or “Path Traversal”). We demonstrate the effectiveness of our approach through experiments on the ECML/PKDD 2007 Discovery Challenge data set. Specifically, we show that our approach achieves higher precision and recall than previous methods. In addition, our approach has a number of desirable characteristics, including robustness to missing contextual information, interpretability of models, and scalability.
Research Organization: Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
Sponsoring Organization: USDOE
DOE Contract Number: W-7405-ENG-48
OSTI ID: 1113394
Report Number(s): LLNL-TR--414570
Country of Publication: United States
Language: English
