A Novel Anomaly Detection Approach for Mitigating Web-Based Attacks Against Clouds

In recent years, web-based attacks have increased and become the top threat in cloud environments. To detect unknown web-based attacks, many studies resort to anomaly detection by analyzing web logs. This paper presents an anomaly detection approach that consists of a transforming model and a classifier model. The transforming model converts every log entry into a vector, and each value in the vector is obtained by training on extracted features with statistical techniques and Naive Bayes. The model can analyze URIs or URLs without a query in web logs and establish a unified normal standard for different websites. A large real-life dataset of about 50.1 GB of web logs was used to verify the effectiveness of our approach, and the experimental results show that it achieves a detection rate over 98% and a false alarm rate below 1.5%.
