Explainable Detection of Zero Day Web Attacks
| Title | Explainable Detection of Zero Day Web Attacks |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Sejr, J. H., Zimek, A., Schneider-Kamp, P. |
| Conference Name | 2020 3rd International Conference on Data Intelligence and Security (ICDIS) |
| Date Published | June 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-9379-3 |
| Keywords | Anomaly, anomaly detection, composability, defense, explanation, Metrics, Pipelines, principal component analysis, Protocols, pubcrawl, resilience, Resiliency, security, Sparse matrices, Task Analysis, web security, zero day, Zero day attacks |
| Abstract | The detection of malicious HTTP(S) requests is a pressing concern in cyber security, in particular given the proliferation of HTTP-based (micro-)service architectures. In addition to rule-based systems for known attacks, anomaly detection has been shown to be a promising approach for unknown (zero-day) attacks. This article extends existing work by integrating outlier explanations for individual requests into an end-to-end pipeline. These end-to-end explanations reflect the internal working of the pipeline. Empirically, we show that found explanations coincide with manually labelled explanations for identified outliers, allowing security professionals to quickly identify and understand malicious requests. |
| URL | https://ieeexplore.ieee.org/document/9323006 |
| DOI | 10.1109/ICDIS50059.2020.00016 |
| Citation Key | sejr_explainable_2020 |