Securing Your Transactions: Detecting Anomalous Patterns In XML Documents

Add code
Jun 05, 2013
Eitan Menahem, Alon Schclar, Lior Rokach, Yuval Elovici
Figure 1 for Securing Your Transactions: Detecting Anomalous Patterns In XML Documents
Figure 2 for Securing Your Transactions: Detecting Anomalous Patterns In XML Documents
Figure 3 for Securing Your Transactions: Detecting Anomalous Patterns In XML Documents
Figure 4 for Securing Your Transactions: Detecting Anomalous Patterns In XML Documents

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

XML transactions are used in many information systems to store data and interact with other systems. Abnormal transactions, the result of either an on-going cyber attack or the actions of a benign user, can potentially harm the interacting systems and therefore they are regarded as a threat. In this paper we address the problem of anomaly detection and localization in XML transactions using machine learning techniques. We present a new XML anomaly detection framework, XML-AD. Within this framework, an automatic method for extracting features from XML transactions was developed as well as a practical method for transforming XML features into vectors of fixed dimensionality. With these two methods in place, the XML-AD framework makes it possible to utilize general learning algorithms for anomaly detection. Central to the functioning of the framework is a novel multi-univariate anomaly detection algorithm, ADIFA. The framework was evaluated on four XML transactions datasets, captured from real information systems, in which it achieved over 89% true positive detection rate with less than a 0.2% false positive rate.

* Journal version (14 pages)  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon