Anomaly detection of malicious users' behaviors for web applications based on web logs

With more and more online services developed as web applications, the security problems of web applications are becoming more serious. Most intrusion detection systems inspect every single request to find a cyber-attack instead of looking at users' behaviors, and these systems can only protect a web application from known vulnerabilities rather than from zero-day attacks. In order to detect newly developed attacks, we analyze web logs from web servers and define users' behaviors to divide them into normal and malicious ones. The result shows that by using the feature of web resources to define users' behaviors, a higher accuracy rate and a lower false alarm rate of intrusion detection can be obtained.
