Title :
Analysis of HTTP Requests for Anomaly Detection of Web Attacks
Author :
Zolotukhin, Mikhail ; Hamalainen, Timo ; Kokkonen, Tero ; Siltanen, Jarmo
Author_Institution :
Dept. of Math. Inf. Technol., Univ. of Jyvaskyla, Jyvaskyla, Finland
Abstract :
Attacks against web servers and web-based applications remain a serious global network security threat. Attackers are able to compromise web services, collect confidential information from web databases, and interrupt or completely paralyze web servers. In this study, we consider the analysis of HTTP logs for the detection of network intrusions. First, a training set of HTTP requests that does not contain any attacks is analyzed. Once all relevant information has been extracted from the logs, several clustering and anomaly detection algorithms are employed to build a model of normal user behavior. This model is then used to detect network attacks as deviations from the norm in an online mode. The simulation results presented show that, compared to other data mining algorithms, the method achieves a higher accuracy rate.
Keywords :
Web services; hypermedia; security of data; HTTP logs; HTTP request; Web attack; Web server; Web services; Web-based application; anomaly detection; clustering algorithm; global network security threat; network intrusion detection; Accuracy; Data mining; Entropy; Feature extraction; Training; Vectors; Web servers; anomaly detection; data mining; entropy; intrusion detection; n-gram;
Conference_Title :
Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on
Conference_Location :
Dalian
Print_ISBN :
978-1-4799-5078-2
DOI :
10.1109/DASC.2014.79