DocumentCode
141755
Title
Analysis of HTTP Requests for Anomaly Detection of Web Attacks
Author
Zolotukhin, Mikhail ; Hamalainen, Timo ; Kokkonen, Tero ; Siltanen, Jarmo
Author_Institution
Dept. of Math. Inf. Technol., Univ. of Jyvaskyla, Jyvaskyla, Finland
fYear
2014
fDate
24-27 Aug. 2014
Firstpage
406
Lastpage
411
Abstract
Attacks against web servers and web-based applications remain a serious global network security threat. Attackers are able to compromise web services, collect confidential information from web databases, and interrupt or completely paralyze web servers. In this study, we consider the analysis of HTTP logs for the detection of network intrusions. First, a training set of HTTP requests which does not contain any attacks is analyzed. When all relevant information has been extracted from the logs, several clustering and anomaly detection algorithms are employed to describe the model of normal user behavior. This model is then used to detect network attacks as deviations from the norms in an online mode. The simulation results presented show that, compared to other data mining algorithms, the method results in a higher accuracy rate.
Keywords
Web services; hypermedia; security of data; HTTP logs; HTTP request; Web attack; Web server; Web services; Web-based application; anomaly detection; clustering algorithm; global network security threat; network intrusion detection; Accuracy; Data mining; Entropy; Feature extraction; Training; Vectors; Web servers; anomaly detection; data mining; entropy; intrusion detection; n-gram;
fLanguage
English
Publisher
ieee
Conference_Titel
Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on
Conference_Location
Dalian
Print_ISBN
978-1-4799-5078-2
Type
conf
DOI
10.1109/DASC.2014.79
Filename
6945724