English

Securing Your Transactions: Detecting Anomalous Patterns In XML Documents

Cryptography and Security 2013-06-06 v3 Machine Learning

Abstract

XML transactions are used in many information systems to store data and interact with other systems. Abnormal transactions, the result of either an on-going cyber attack or the actions of a benign user, can potentially harm the interacting systems and therefore they are regarded as a threat. In this paper we address the problem of anomaly detection and localization in XML transactions using machine learning techniques. We present a new XML anomaly detection framework, XML-AD. Within this framework, an automatic method for extracting features from XML transactions was developed as well as a practical method for transforming XML features into vectors of fixed dimensionality. With these two methods in place, the XML-AD framework makes it possible to utilize general learning algorithms for anomaly detection. Central to the functioning of the framework is a novel multi-univariate anomaly detection algorithm, ADIFA. The framework was evaluated on four XML transactions datasets, captured from real information systems, in which it achieved over 89% true positive detection rate with less than a 0.2% false positive rate.

Keywords

Cite

@article{arxiv.1209.1797,
  title  = {Securing Your Transactions: Detecting Anomalous Patterns In XML Documents},
  author = {Eitan Menahem and Alon Schclar and Lior Rokach and Yuval Elovici},
  journal= {arXiv preprint arXiv:1209.1797},
  year   = {2013}
}

Comments

Journal version (14 pages)

R2 v1 2026-06-21T22:02:05.320Z