eprintid: 2639 rev_number: 7 eprint_status: archive userid: 275 dir: disk0/00/00/26/39 datestamp: 2017-11-16 04:32:03 lastmod: 2017-11-16 04:32:03 status_changed: 2017-11-16 04:32:03 type: conference_item metadata_visibility: show creators_name: Le, Dinh Thanh creators_name: Phan, Xuan Tien creators_id: thanhld@vnu.edu.vn creators_id: tienpx 57@vnu.edu.vn title: On the usage of character distribution for the detection of web attacks ispublished: pub subjects: IT divisions: fac_fit abstract: Character distribution has been extensively used in literature to build models for the detection of web attacks. This paper explores that character distribution models should be built at attribute level in order to achieve a reasonable accuracy. However, attaching detection models to every single attribute leads to high memory and time complexities, which make attribute-specific models less practical. To remove these barriers, a simple yet effective solution has been proposed. In more details, by exploiting the language function of characters, character distribution can be reduced in size and rearranged in an intentional manner so that both time and memory complexities are reduced significantly. Detection models that use minimized and rearranged character distribution are, therefore, highly efficient and practical, especially suitable to large, high-traffic web applications. date: 2017 date_type: published contact_email: thanhld@vnu.edu.vn full_text_status: none pres_type: paper event_title: The 9th International Conference on Knowledge and Systems Engineering (KSE) event_location: Hue, Vietnam event_dates: 19-21 October 2017 event_type: conference refereed: TRUE referencetext: [1] Cyber Attacks Statistics, http://www.hackmageddon.com/2016/01/11/2015-cyber-attacks-satistics, 2015. [2] C. Kruegel, G. Vigna and W. Robertson, ”A multi-model approach to the detection of web-based attacks,” Computer Networks, 48(5):717-738, 2005. [3] D. Palka and M. Zachara, ”Learning web application firewall - benefits and caveats,” ARES 2011, LNCS 6908, pp. 295-308, 2011. [4] C. Torrano-Gimenez, ”Study of stochastic and machine learning tech-niques for anomaly-based web attack detection,” PhD Dissertation, Uni-versidad Carlos III de Madrid, 2015. [5] K. Wang and S. Stolfo, ”Anomaly payload-based network intrusion detection,” Recent Advances in Intrusion Detection, Springer, pp. 203-222, 2004. [6] Web Application Security Statistics, http://projects.webappsec.org/w/page/13246989/Web-Application-Security-Statistics, 2008. [7] A. H. Yaacob, N. M. Ahmad, N. N. Ahmad and M. Roslee, ”Moving to-wards positive security model for web application firewall,” International Scholarly and Scientific Research & Innovation 6(12), 2012. citation: Le, Dinh Thanh and Phan, Xuan Tien (2017) On the usage of character distribution for the detection of web attacks. In: The 9th International Conference on Knowledge and Systems Engineering (KSE), 19-21 October 2017, Hue, Vietnam.