Explainable detection of zero day web attacks

Publication: Chapter in book/report/conference proceeding; Conference contribution in proceedings; Research; peer review

Abstract

The detection of malicious HTTP(S) requests is a pressing concern in cyber security, in particular given the proliferation of HTTP-based (micro-)service architectures. In addition to rule-based systems for known attacks, anomaly detection has been shown to be a promising approach for unknown (zero-day) attacks. This article extends existing work by integrating outlier explanations for individual requests into an end-to-end pipeline. These end-to-end explanations reflect the internal working of the pipeline. Empirically, we show that found explanations coincide with manually labelled explanations for identified outliers, allowing security professionals to quickly identify and understand malicious requests.

Original language: English
Title: Proceedings - 2020 3rd International Conference on Data Intelligence and Security, ICDIS 2020
Publisher: IEEE
Publication date: Jun 2020
Pages: 71-78
Article number: 9323006
ISBN (Electronic): 9781728193793
Status: Published - Jun 2020
Event: 3rd International Conference on Data Intelligence and Security, ICDIS 2020 - South Padre Island, USA
Duration: 10 Nov 2020 to 12 Nov 2020

Conference

Conference: 3rd International Conference on Data Intelligence and Security, ICDIS 2020
Country/Territory: USA
City: South Padre Island
Period: 10/11/2020 to 12/11/2020

Bibliographical note

Funding Information:
The research leading to these results has received funding from the Innovation Fund Denmark Grand Solutions grant 8057-00038A Drones4Energy project. https://drones4energy.dk/.

Publisher Copyright:
© 2020 IEEE.

Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.
