Data mining methods for anomaly detection of HTTP request exploitations

  • Authors:
  • Xiao-Feng Wang;Jing-Li Zhou;Sheng-Sheng Yu;Long-Zheng Cai

  • Affiliations:
  • Department of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China;Department of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China;Department of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China;Department of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan, China

  • Venue:
  • FSKD'05 Proceedings of the Second international conference on Fuzzy Systems and Knowledge Discovery - Volume Part II
  • Year:
  • 2005

Abstract

HTTP request exploitations account for a substantial portion of network-based attacks. This paper presents a novel anomaly detection framework that uses data mining technologies to build four independent detection models. In the training phase, these models mine the specific characteristics of every web program, using web server log files as the data source. In the detection phase, each model takes the HTTP requests under detection as input and calculates at least one anomalous probability as output. Together, the four models generate eight anomalous probabilities, which are weighted and summed to produce a final probability, and this probability is used to decide whether the request is malicious or not. Experiments prove that our detection framework achieves a close to perfect detection rate with very few false positives.