Web Service Intrusion Detection Using a Probabilistic Framework

Abstract

In this paper, we propose an anomaly-based approach to detect intrusions attempts that may target web services. These intrusions (or attacks) are modeled as outliers (or noise) within a principled probabilistic framework. The proposed framework is based on finite Gaussian mixtures and allows the detection of both previously seen and unknown attacks against web services. The main idea of our framework is based on the consideration of malicious requests as outliers within our finite mixture model. Using this idea the intrusion detection problem is reduced to an adversarial classification problem. The merits of the proposed approach are shown using a data set containing both normal and intrusive requests, which were collected from a large real-life web service. © Springer International Publishing Switzerland 2015.