INTRUSION DETECTION FOR WEB SERVER USING SSVM

摘要

We propose a network-based intrusion detectionsystem (NIDS) for detecting attacks on Microsoft IIS webserver. The classifier used in the system is based on smoothsupport vector machine (SSVM). Since SSVM is a binaryclassifier, in order to recognize attacks we use hierarchicalSSVMs. The NIDS captures HTTP request packet, andderives features from payload but header information. Byexperiments, the NIDS captured 27,654 HTTP requestpackets on-line, consisting of 15,517 normal and 12,137abnormal packets, the true positive rate is 99.23% and thefalse alarm instance is zero. Experimental results also showthat our NIDS can detect unknown or novel attack from64.90% to 97.20%, depending on their signatures variation.Moreover, our NIDS takes only 6.5×10-4 second in averagefor processing an incoming packet in a PC with 2.4GHZCPU and 256MB RAM.