CR | AI | May 20, 2016

Anomaly Detection in XML-Structured SOAP Messages Using Tree-Based Association Rule Mining

arXiv:1605.06466v1 | 2 citations
Originality: Incremental advance
AI Analysis

This addresses security vulnerabilities in web services for enterprises, but it is incremental as it builds on existing mining methods.

The paper tackled the problem of detecting attacks in XML-structured SOAP messages for web services by proposing a new approach using tree-based association rule mining, achieving a low false alarm rate while maintaining a high detection rate as demonstrated in a case study.

Web services are software systems designed to support interoperable, dynamic, cross-enterprise interactions. The result of attacks on Web services can be catastrophic, causing the disclosure of enterprises' confidential data. As new attack approaches arise every day, anomaly detection systems seem to be invaluable tools in this context. The aim of this work has been to target the attacks that reside in the Web service layer and in extensible markup language (XML)-structured simple object access protocol (SOAP) messages. After studying the shortcomings of the existing solutions, a new approach for detecting anomalies in Web services is outlined. More specifically, the proposed technique illustrates how to identify anomalies by employing mining methods on XML-structured SOAP messages. This technique also takes advantage of tree-based association rule mining to extract knowledge in the training phase, which is used in the test phase to detect anomalies. In addition, this novel composition of techniques yields a fairly low false alarm rate while keeping the detection rate reasonably high, as shown by a case study.
