S.-J. Horng, M.-Y. Su, and S.-W. Lan (Taiwan)
Network Security, IDS, SVM, SSVM, IIS
We propose a network-based intrusion detection system (NIDS) for detecting attacks on Microsoft IIS web server. The classifier used in the system is based on smooth support vector machine (SSVM). Since SSVM is a binary classifier, in order to recognize attacks we use hierarchical SSVMs. The NIDS captures HTTP request packet, and derives features from payload but header information. By experiments, the NIDS captured 27,654 HTTP request packets on-line, consisting of 15,517 normal and 12,137 abnormal packets, the true positive rate is 99.23% and the false alarm instance is zero. Experimental results also show that our NIDS can detect unknown or novel attack from 64.90% to 97.20%, depending on their signatures variation. Moreover, our NIDS takes only 6.510-4 second in average for processing an incoming packet in a PC with 2.4GHZ CPU and 256MB RAM.
Important Links:
Go Back