Visible to the public Explainable Detection of Zero Day Web Attacks

TitleExplainable Detection of Zero Day Web Attacks
Publication TypeConference Paper
Year of Publication2020
AuthorsSejr, J. H., Zimek, A., Schneider-Kamp, P.
Conference Name2020 3rd International Conference on Data Intelligence and Security (ICDIS)
Date PublishedJune 2020
ISBN Number978-1-7281-9379-3
KeywordsAnomaly, anomaly detection, composability, defense, explanation, Metrics, Pipelines, principal component analysis, Protocols, pubcrawl, resilience, Resiliency, security, Sparse matrices, Task Analysis, web security, zero day, Zero day attacks

The detection of malicious HTTP(S) requests is a pressing concern in cyber security, in particular given the proliferation of HTTP-based (micro-)service architectures. In addition to rule-based systems for known attacks, anomaly detection has been shown to be a promising approach for unknown (zero-day) attacks. This article extends existing work by integrating outlier explanations for individual requests into an end-to-end pipeline. These end-to-end explanations reflect the internal working of the pipeline. Empirically, we show that found explanations coincide with manually labelled explanations for identified outliers, allowing security professionals to quickly identify and understand malicious requests.

Citation Keysejr_explainable_2020