A general framework for adaptive and online detection of web attacks

  • Authors:
  • Wei Wang;Florent Masseglia;Thomas Guyet;Rene Quiniou;Marie-Odile Cordier

  • Affiliations:
  • Project AxIS, INRIA Sophia Antipolis, Sophia Antipolis, France;Project AxIS, INRIA Sophia Antipolis, Sophia Antipolis, France;Projet DREAM, IRISA, Rennes, France;Projet DREAM, IRISA, Rennes, France;Projet DREAM, IRISA, Rennes, France

  • Venue:
  • Proceedings of the 18th international conference on World wide web
  • Year:
  • 2009

Quantified Score

Hi-index 0.01

Abstract

Detection of web attacks is an important issue in the current defense-in-depth security framework. In this paper, we propose a novel general framework for adaptive and online detection of web attacks. The general framework can be based on any online clustering method. A detection model based on the framework is able to learn online and deal with "concept drift" in web audit data streams. Str-DBSCAN, our extension of DBSCAN to streaming data, and StrAP are both used to validate the framework. The detection model based on the framework automatically labels the web audit data and adapts to changes in normal behavior while identifying attacks through dynamic clustering of the streaming data. A very large set of real HTTP log data collected in our institute is used to validate the framework and the model. The preliminary testing results demonstrate its effectiveness.