Explainable detection of zero day web attacks

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

The detection of malicious HTTP(S) requests is a pressing concern in cyber security, in particular given the proliferation of HTTP-based (micro-)service architectures. In addition to rule-based systems for known attacks, anomaly detection has been shown to be a promising approach for unknown (zero-day) attacks. This article extends existing work by integrating outlier explanations for individual requests into an end-to-end pipeline; these end-to-end explanations reflect the internal working of the pipeline. Empirically, we show that the explanations found coincide with manually labelled explanations for the identified outliers, allowing security professionals to quickly identify and understand malicious requests.
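The abstract does not describe the pipeline's features or detector, so the following Python sketch is an added illustration of the idea rather than the paper's code: each HTTP request line is mapped to a few numeric features, scored against a benign baseline with per-feature z-scores, and the explanation returned with the verdict names the features that dominate the score, together with the observed and baseline values. The baseline traffic, the feature set, the special-character set, the standard-deviation floor and the decision threshold are all constructed assumptions for this example.

```python
"""Per-request outlier explanation for HTTP request lines (illustrative, stdlib only)."""
from statistics import mean, pstdev
from urllib.parse import urlsplit, unquote

# Assumed: characters that do not occur in this baseline's query strings.
SPECIAL = set("'\"<>;()-|\\")
STD_FLOOR = 0.5   # assumed minimum scale so a constant baseline feature cannot blow up a z-score
THRESHOLD = 3.0   # assumed decision boundary on the overall score

# Constructed benign baseline (not real traffic and not from the paper).
BASELINE = [
    "GET /products?id=12 HTTP/1.1",
    "GET /products?id=7 HTTP/1.1",
    "GET /products/42 HTTP/1.1",
    "GET /search?q=laptop HTTP/1.1",
    "GET /search?q=phone&page=2 HTTP/1.1",
    "POST /cart/add HTTP/1.1",
    "GET /static/css/main.css HTTP/1.1",
    "GET /users/15/orders?status=open HTTP/1.1",
]


def extract_features(request_line):
    """Map a request line to a dict of numeric features (assumed feature set)."""
    target = request_line.split()[1]          # "METHOD target HTTP/x.y"
    parts = urlsplit(target)
    path = unquote(parts.path)
    query = unquote(parts.query)
    segments = [s for s in path.split("/") if s]
    params = [p for p in query.split("&") if p]
    return {
        "path_depth": len(segments),
        "path_len": len(path),
        "query_len": len(query),
        "num_params": len(params),
        "special_chars": sum(1 for c in query if c in SPECIAL),
    }


class ExplainedOutlierDetector:
    """Z-score outlier detector that reports which features drove the verdict."""

    def __init__(self, baseline_requests):
        rows = [extract_features(r) for r in baseline_requests]
        self.names = list(rows[0])
        self.mean = {n: mean(r[n] for r in rows) for n in self.names}
        self.std = {n: max(pstdev([r[n] for r in rows]), STD_FLOOR) for n in self.names}

    def explain(self, request_line):
        feats = extract_features(request_line)
        z = {n: (feats[n] - self.mean[n]) / self.std[n] for n in self.names}
        total = sum(v * v for v in z.values())
        score = total ** 0.5
        # Share of the squared score attributable to each feature, largest first.
        ranked = sorted(
            ((n, (z[n] * z[n] / total) if total else 0.0) for n in self.names),
            key=lambda t: t[1], reverse=True,
        )
        return {
            "score": round(score, 2),
            "is_outlier": score > THRESHOLD,
            "top_feature": ranked[0][0],
            # Human-readable reasons: only features carrying at least 10% of the score.
            "explanation": [
                f"{n}={feats[n]} (baseline mean {self.mean[n]:.1f}, {share:.0%} of score)"
                for n, share in ranked if share >= 0.10
            ],
        }


if __name__ == "__main__":
    detector = ExplainedOutlierDetector(BASELINE)
    for line in (
        "GET /search?q=tablet HTTP/1.1",
        "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1",
        "GET /static/../../../../etc/passwd HTTP/1.1",
    ):
        print(line, "->", detector.explain(line))
```

The point of the explanation field is that the two flagged requests are outliers for different reasons: the first because of the special characters in its query, the second because of its unusual path depth and length. Whatever feature extractor and detector the real pipeline uses, an explanation that is computed from the detector's own internal quantities (here, the per-feature z-scores) is what lets an analyst confirm or dismiss an alert quickly; a detector that only emits a score forces the analyst to rediscover the reason by hand.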

Original language: English
Title of host publication: Proceedings - 2020 3rd International Conference on Data Intelligence and Security, ICDIS 2020
Publisher: IEEE
Publication date: Jun 2020
Pages: 71-78
Article number: 9323006
ISBN (Electronic): 9781728193793
DOIs
Publication status: Published - Jun 2020
Event: 3rd International Conference on Data Intelligence and Security, ICDIS 2020 - South Padre Island, United States
Duration: 10 Nov 2020 to 12 Nov 2020

Conference

Conference: 3rd International Conference on Data Intelligence and Security, ICDIS 2020
Country/Territory: United States
City: South Padre Island
Period: 10/11/2020 to 12/11/2020

Keywords

  • Anomaly
  • Explanation
  • Web security
  • Zero day
