Web-based Military Management Systems Security Using Combination of One-class Classifiers

Authors

1 Master of Computer Engineering, School of Command and Control, Malik Ashtar University of Technology, Tehran, Iran

2 Associate Professor, Faculty of Command and Control, Malik Ashtar University of Technology, Tehran, Iran

Abstract

Cyber attacks against web-based military command systems are very common in the age of electronic warfare. Web applications are among the most widely used tools on the World Wide Web, and their dynamic nature makes them vulnerable to serious security risks. Security considerations for web-based command and control systems are therefore very important to modern military managers. Anomaly-based intrusion detection is an approach that focuses on new and unknown attacks.

A method for anomaly detection in web applications using a combination of one-class classifiers is proposed. First, in the preprocessing phase, normal HTTP traffic is logged and a feature vector is extracted from each HTTP request. The proposed method then consists of two steps. In the training phase, the feature vectors extracted from the requests enter the system, and a model of normal requests is learned using a combination of one-class classifiers. In the detection phase, anomaly detection is performed on the feature vector of each HTTP request using the model learned in the training phase. The S-OWA operator is used to combine the one-class classifiers. The data used for training and testing are from the CSIC2012 dataset. The detection rate and false alarm rate obtained from the experiments show better results than other methods.
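The two-phase scheme described in the abstract, sketched as an added example that is not the authors' code: two stand-in one-class models are fitted to constructed normal requests, and their anomaly scores are fused with the or-like S-OWA form α·max + (1−α)·mean. The three features, both models, the score squashing, the request strings and the 0.5 threshold are all assumptions; the paper's own features and classifiers are not given on this page.

```python
import math

def features(request_line):
    # Assumed features (not the paper's): length, non-alphanumeric count, digit count.
    return [len(request_line),
            sum(not c.isalnum() for c in request_line),
            sum(c.isdigit() for c in request_line)]

class GaussianOCC:
    """Stand-in one-class model: mean absolute z-score squashed into [0, 1)."""
    def fit(self, X):
        cols = list(zip(*X))
        self.mu = [sum(c) / len(c) for c in cols]
        # Floor the deviation at 1.0 so constant training features do not divide by zero.
        self.sd = [max(math.sqrt(sum((v - m) ** 2 for v in c) / len(c)), 1.0)
                   for c, m in zip(cols, self.mu)]
        return self
    def score(self, x):
        z = sum(abs(v - m) / s for v, m, s in zip(x, self.mu, self.sd)) / len(x)
        return 1 - math.exp(-z / 3)

class NearestNeighbourOCC:
    """Stand-in one-class model: distance to the closest normal sample, squashed into [0, 1)."""
    def fit(self, X):
        self.X = X
        nn = [min(math.dist(a, b) for j, b in enumerate(X) if j != i) for i, a in enumerate(X)]
        self.scale = max(nn) or 1.0  # typical spacing of normal samples
        return self
    def score(self, x):
        return 1 - math.exp(-min(math.dist(x, t) for t in self.X) / self.scale)

def s_owa_or(scores, alpha):
    # Or-like S-OWA: alpha * max + (1 - alpha) * mean, alpha in [0, 1].
    return alpha * max(scores) + (1 - alpha) * sum(scores) / len(scores)

def s_owa_and(scores, beta):
    # And-like S-OWA: beta * min + (1 - beta) * mean, beta in [0, 1].
    return beta * min(scores) + (1 - beta) * sum(scores) / len(scores)

# Constructed normal traffic for the training phase.
NORMAL = ["GET /shop/item?id=12", "GET /shop/item?id=7", "GET /shop/cart?id=31",
          "GET /shop/item?id=105", "GET /shop/cart?id=8"]
MODELS = [m.fit([features(r) for r in NORMAL]) for m in (GaussianOCC(), NearestNeighbourOCC())]

def detect(request_line, alpha=0.5, threshold=0.5):
    # Detection phase: fuse per-model anomaly scores, flag when above the threshold.
    fused = s_owa_or([m.score(features(request_line)) for m in MODELS], alpha)
    return fused, fused > threshold
```

Raising `alpha` moves the fused score toward the most alarmed classifier, which raises the detection rate at the cost of more false alarms; `s_owa_and` moves it toward the least alarmed one.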

Keywords


Volume 3, Issue 3 - Serial Number 3
February 2020
Pages 19-30
  • Receive Date: 07 April 2014
  • Revise Date: 21 June 2023
  • Accept Date: 19 September 2018
  • Publish Date: 22 November 2015