The detection of malicious HTTP(S) requests is a pressing concern in cyber security, in particular given the proliferation of HTTP-based (micro-)service architectures. In addition to rule-based systems for known attacks, anomaly detection has been shown to be a promising approach for unknown (zero-day) attacks. This article extends existing work by integrating outlier explanations for individual requests into an end-to-end pipeline. These end-to-end explanations reflect the internal workings of the pipeline. Empirically, we show that the explanations found coincide with manually labelled explanations for identified outliers, allowing security professionals to quickly identify and understand malicious requests.
|Title||Proceedings - 2020 3rd International Conference on Data Intelligence and Security, ICDIS 2020|
|Status||Published - Jun 2020|
|Event||3rd International Conference on Data Intelligence and Security, ICDIS 2020 - South Padre Island, USA. Duration: 10 Nov 2020 → 12 Nov 2020|
|Conference||3rd International Conference on Data Intelligence and Security, ICDIS 2020|
|City||South Padre Island|
|Period||10 Nov 2020 → 12 Nov 2020|
Bibliographical note
Funding Information:
The research leading to these results has received funding from the Innovation Fund Denmark Grand Solutions grant 8057-00038A Drones4Energy project. https://drones4energy.dk/.
© 2020 IEEE.
Copyright 2021 Elsevier B.V., All rights reserved.