Content-based methodology for anomaly detection on the web

Authors:
Mark Last;Bracha Shapira;Yuval Elovici;Omer Zaafrany;Abraham Kandel
Affiliations:
Department of Information Systems Engineering, Ben-Gurion University of the Negev, Beer-Sheva, Israel;Department of Information Systems Engineering, Ben-Gurion University of the Negev, Beer-Sheva, Israel;Department of Information Systems Engineering, Ben-Gurion University of the Negev, Beer-Sheva, Israel;Department of Information Systems Engineering, Ben-Gurion University of the Negev, Beer-Sheva, Israel;Department of Computer Science and Engineering, University of South Florida, Tampa, FL
Venue:
AWIC'03 Proceedings of the 1st international Atlantic web intelligence conference on Advances in web intelligence
Year:
2003

Citing 24
Cited 4

Automatic text processing: the transformation, analysis, and retrieval of information by computer

Automatic text processing: the transformation, analysis, and retrieval of information by computer
Document retrieval: A structural approach

Information Processing and Management: an International Journal
Artificial intelligence: a modern approach

Artificial intelligence: a modern approach
Stereotypes in information filtering systems

Information Processing and Management: an International Journal
Activity monitoring: noticing interesting changes in behavior

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Towards a taxonomy of intrusion-detection systems

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Data clustering: a review

ACM Computing Surveys (CSUR)
Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
A large scale distributed intrusion detection framework based on attack strategy analysis

Computer Networks: The International Journal of Computer and Telecommunications Networking
Experimentation with an information filtering system that combines cognitive and sociological filtering integrated with user stereotypes

Decision Support Systems - From information retrieval to knowledge management: enabling technologies and best practices
Data mining: concepts and techniques

Data mining: concepts and techniques
Intrusion detection using autonomous agents

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Improving intrusion detection performance using keyword selection and neural networks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A vector space model for automatic indexing

Communications of the ACM
Automatic keyword identification by artificial neural networks compared to manual identification by users of filtering systems

Information Processing and Management: an International Journal
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Principles of data mining

Principles of data mining
Information Filtering: Overview of Issues, Research and Systems

User Modeling and User-Adapted Interaction
ADMIT: anomaly-based data mining for intrusions

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
An Architecture for Intrusion Detection Using Autonomous Agents

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Applying CMAC-Based On-Line Learning to Intrusion Detection

IJCNN '00 Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN'00)-Volume 5 - Volume 5
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Intrusion detection through learning behavior model

Computer Communications
Modeling requests among cooperating intrusion detection systems

Computer Communications

Answering form-based web queries using the data-mining approach

Journal of Intelligent Information Systems
MUSIPER: a system for modeling music similarity perception based on objective feature subset selection

User Modeling and User-Adapted Interaction
Improving classification based off-topic search detection via category relationships

Proceedings of the 2009 ACM symposium on Applied Computing
Content-Based detection of terrorists browsing the web using an advanced terror detection system (ATDS)

ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics

Quantified Score

Hi-index	0.00

Visualization

Abstract

As became apparent after the tragic events of September 11, 2001, terrorist organizations and other criminal groups are increasingly using the legitimate ways of Internet access to conduct their malicious activities. Such actions cannot be detected by existing intrusion detection systems that are generally aimed at protecting computer systems and networks from some kind of "cyber attacks". Preparation of an attack against the human society itself can only be detected through analysis of the content accessed by the users. The proposed study aims at developing an innovative methodology for abnormal activity detection, which uses web content as the audit information provided to the detection system. The new behavior-based detection method learns the normal behavior by applying an unsupervised clustering algorithm to the contents of publicly available web pages viewed by a group of similar users. In this paper, we represent page content by the well-known vector space model. The content models of normal behavior are used in real-time to reveal deviation from normal behavior at a specific location on the net. The detection algorithm sensitivity is controlled by a threshold parameter. The method is evaluated by the trade-off between the detection rate (TP) and the false positive rate (FP).