Fuzzy Detection of Malicious Attacks on Web Applications Based on Hidden Markov Model Ensemble

摘要

This paper represents a system, which detects malicious HTTP request and obtains the lowest false-positive rate with high detection rate. For this purpose, each extracted feature of a HTTP request is modeled by multiple hidden Markov models as a classifier ensemble. HMMs outputs of an ensemble are fused to product a probabilistic value that showing normalcy of corresponding feature. In this system, instead of a threshold, a fuzzy inference is applied to produce a flexible decision boundary. So, fuzzy sets and rules of decision module are formed manually, next, output of each HMM ensemble is converted to a fuzzy value with respect to fuzzy sets. Finally, a fuzzy inference engine uses these values to produce output that indicates whether the HTTP request is normal or abnormal. Experiments show that this approach is flexible and has acceptable accuracy in detecting requests close to the decision boundary, and false-positive rate is 0.79%.