O-ADPI: Online Adaptive Deep-Packet Inspector Using Mahalanobis Distance Map for Web Service Attacks Classification

Kakavand, Mohsen; Mustapha, Aida; Tan, Zhiyuan; Foroozana, Sepideh; Arulsamy, Lingges

Authors

Mohsen Kakavand

Aida Mustapha

Sepideh Foroozana

Lingges Arulsamy



Abstract

Most active research in Host and Network Intrusion Detection Systems is only able to detect attacks on computer systems and attacks at the network layer, which is not sufficient to counteract SOAP/REST or XML/JSON-related attacks. In dealing with the problem of anomaly detection in web service message datasets, this paper proposes an anomaly detection system called the Online Adaptive Deep-Packet Inspector (O-ADPI) for web service message attack classification. The proposed approach relies on multiple statistical methods which use a Unigram-based Weighting Scheme (UWS) that combines text mining techniques with a set of different statistical criteria for a Feature Selection Engine (FSE) to effectively and efficiently explore optimal subspaces in detecting anomalies embedded deep in the high-dimensional feature subspaces. We utilize a supervised intrusion detection algorithm based on a Mahalanobis distance map classifier. As web service attacks can be classified into anomaly and normal, the task of anomaly detection can be modeled as a classification problem. The O-ADPI model was assessed for F-value, true positive rate (TPR), and false positive rate (FPR) in order to evaluate the detection performance of O-ADPI against different types of feature selection engines with corresponding PCs for each message-specific service. The experiments were performed using the REST-IDS Dataset 2015, and the results demonstrated that the proposed O-ADPI model achieved the best results in each message-specific service.

Citation

Kakavand, M., Mustapha, A., Tan, Z., Foroozana, S., & Arulsamy, L. (2019). O-ADPI: Online Adaptive Deep-Packet Inspector Using Mahalanobis Distance Map for Web Service Attacks Classification. IEEE Access, 7, 167141-167156. https://doi.org/10.1109/access.2019.2953791

Journal Article Type: Article
Acceptance Date: Oct 29, 2019
Online Publication Date: Nov 15, 2019
Publication Date: 2019
Deposit Date: Oct 31, 2019
Publicly Available Date: Nov 1, 2019
Journal: IEEE Access
Publisher: Institute of Electrical and Electronics Engineers
Peer Reviewed: Peer Reviewed
Volume: 7
Pages: 167141-167156
DOI: https://doi.org/10.1109/access.2019.2953791
Keywords: General Engineering; General Materials Science; General Computer Science
Public URL: http://researchrepository.napier.ac.uk/Output/2275939

Files


O-ADPI: Online Adaptive Deep-Packet Inspector Using Mahalanobis Distance Map For Web Service Attacks Classification (1.4 Mb)
PDF

Copyright Statement
(c) 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.


O-ADPI: Online Adaptive Deep-Packet Inspector Using Mahalanobis Distance Map for Web Service Attacks Classification (publisher PDF) (1.5 Mb)
PDF

Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/

Copyright Statement
This work is licensed under a Creative Commons Attribution 4.0 License.






