Smart Detection and Classification of Application-Layer Intrusions in Web Directories

The Republic of Croatia homepage and directory of Croatian web servers (www.hr) attracts several thousand visitors daily, which makes it the target of various attacks. In order to lower the risk from such attacks, we propose a concept for an intrusion detection system and a classifier of detected intrusions. We first examined the concepts of existing intrusion detection systems and combined their individual benefits into a concept best suited for protecting web services on the application layer. The proposed concept uses machine learning techniques for both intrusion detection and classification. Intrusion detection, observed through analysis of requests, is implemented by a feed-forward neural network, while intrusion classification is done using self-organizing maps. The case study and preliminary evaluation is presented on the Republic of Croatia homepage (www.hr), followed by guidelines for further research.