Adaptively Detecting Malicious Queries in Web Attacks
Ying Dong, Yuqing Zhang

TL;DR
This paper introduces AMODS, an adaptive system that updates detection models to identify evolving malicious web queries, significantly improving detection accuracy and reducing manual effort.
Contribution
We propose AMODS, a novel adaptive detection system with an SVM HYBRID learning strategy, capable of detecting new web attacks while minimizing manual intervention.
Findings
Achieved an F-value of 94.79% in detection accuracy.
Reduced false positive rate to 0.09%.
Detected 2.78 times more malicious queries than previous methods.
Abstract
Web request query strings (queries), which pass parameters to the referenced resource, are always manipulated by attackers to retrieve sensitive data and even take full control of victim web servers and web applications. However, existing malicious query detection approaches in the current literature rely on constant detection models and therefore cannot cope with changing web attacks. In this paper, we propose AMODS, an adaptive system that periodically updates the detection model to detect the latest unknown attacks. We also propose an adaptive learning strategy, called SVM HYBRID, leveraged by our system to minimize manual work. In the evaluation, an up-to-date detection model is trained on a ten-day query dataset collected from an academic institute's web server logs. Our system outperforms existing web attack detection methods, with an F-value of 94.79% and an FP rate of 0.09%. The total number of…
