DocumentCode
3075592
Title
A Web Intrusion Detection Mechanism based on Feature based Data Clustering
Author
Das, Debasish ; Sharma, Utpal ; Bhattacharyya, D.K.
Author_Institution
Dept. of Comput. Sci. & Eng., Tezpur Univ., Tezpur
fYear
2009
fDate
6-7 March 2009
Firstpage
1124
Lastpage
1129
Abstract
Web is one of the most popular internet services in today´s world. In today´s world, web servers and web based applications are the popular corporate applications and become the targets of the attackers. A Large number of Web applications, especially those deployed for companies to e-business operation involve high reliability, efficiency and confidentiality. Such applications are written in script languages like PHP embedded in HTML allowing establish the connection to databases, retrieving data and putting them in WWW site. In order to detect known attacks, misuse detection of web based attacks consists of attack rules and descriptions. As misuse detection considers predefined signatures for intrusion detection, here we have proposed two phases of intrusion detection mechanism. In the first phase we have used web host based intrusion detection with matching mechanism using ´Hamming Edit Distance´. We have considered here. the web layer log file for matching. This phase has been tested with our university intranet web server´s log file. We have tested successfully the SQL injection for unauthorized access. We proposed a ´Query based projected clustering´ for unsupervised anomaly detection and also a ´packet arrival factor´ for intrusion detection in the second phase. We tested the scheme in this phase using KDD CUP99. In this phase while testing our scheme, we have extracted the feature dataset with protocol ´tcp´ and services ´http´. Both the phases of our scheme found working successfully and an evaluated threshold has been proposed for better result.
Keywords
Internet; SQL; Web sites; hypermedia markup languages; pattern clustering; security of data; ´packet arrival factor´; HTML; Internet services; KDD CUP99; PHP; SQL; WWW site; Web based attacks; Web intrusion detection mechanism; Web layer log file; attack rules; data clustering; data retrieving; e-business operation; hamming edit distance; misuse detection; query based projected clustering; script languages; unauthorized access; Databases; Feature extraction; HTML; Information retrieval; Intrusion detection; Phase detection; Testing; Web and internet services; Web server; World Wide Web; Web intrusion; attack labeling; query based projected clustering; sql injection; web layer log matching;
fLanguage
English
Publisher
ieee
Conference_Titel
Advance Computing Conference, 2009. IACC 2009. IEEE International
Conference_Location
Patiala
Print_ISBN
978-1-4244-2927-1
Electronic_ISBN
978-1-4244-2928-8
Type
conf
DOI
10.1109/IADCC.2009.4809172
Filename
4809172
Link To Document