Title :
Online anomaly detection by using N-gram model and growing hierarchical self-organizing maps
Author :
Zolotukhin, Mikhail ; Hämäläinen, Timo ; Juvonen, Antti
Author_Institution :
Dept. of Math. Inf. Technol., Univ. of Jyvaskyla, Jyvaskyla, Finland
Abstract :
In this research, online detection of anomalous HTTP requests is carried out with Growing Hierarchical Self-Organizing Maps (GHSOMs). By applying an n-gram model to HTTP requests from network logs, feature matrices are formed. GHSOMs are then used to analyze these matrices and detect anomalous requests among new requests received by the webserver. The system proposed is self-adaptive and allows detection of online malicious attacks in the case of continuously updated web-applications. The method is tested with network logs, which include normal and intrusive requests. Almost all anomalous requests from these logs are detected while keeping the false positive rate at a very low level.
Keywords :
Internet; computer network security; hypermedia; self-organising feature maps; GHSOM; N-gram model; Web server; anomalous HTTP requests; anomalous requests; continuously updated Web-applications; feature matrices; growing hierarchical self-organizing maps; network logs; online anomaly detection; online detection; online malicious attacks detection; Neurons; Numerical models; Quantization; Servers; Testing; Training; Vectors; Data mining; anomaly detection; growing hierarchical self-organizing map; intrusion detection; n-gram;
Conference_Title :
Wireless Communications and Mobile Computing Conference (IWCMC), 2012 8th International
Conference_Location :
Limassol
Print_ISBN :
978-1-4577-1378-1
DOI :
10.1109/IWCMC.2012.6314176