A Hybrid Intrusion Detection Model for Web Log-Based Attacks

JOURNAL OF INTERNET TECHNOLOGY (2017)

Abstract
Attacks against web-based applications are one of the most serious network security threats. Web-based attacks are now so complex that a single detection method cannot cope with emerging attacks. Motivated by this, we efficiently merge misuse detection and anomaly detection and propose a hybrid intrusion detection model for web log-based attacks. In this hybrid model, malicious logs that the misuse detection model fails to detect are loaded into the anomaly detection model for a second check. First, we analyze the inherent features of HTTP logs and set up a rule base to identify known web log-based attacks. Moreover, we apply the K-means clustering algorithm from data mining to the logs to construct a normal behavior library that distinguishes normal behavior from abnormal behavior. Finally, we evaluate the performance of our solutions using massive realistic web logs. A series of experimental data demonstrates the effectiveness of our hybrid model, which simultaneously achieves a high detection rate and a low false alarm rate.
Key words
Web log attack, Intrusion detection, Misuse detection, Anomaly detection, K-means clustering
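The two-stage flow the abstract describes (misuse rules first, then a K-means normal-behavior check for whatever the rules miss), as an added example that is not the paper's code. The signatures, the three URL features, `k=2`, the 1.5 radius factor and the sample URLs are all assumptions, since the abstract specifies none of them.

```python
import math
import re
from urllib.parse import unquote_plus

# Assumed signatures for the misuse stage (constructed; not the paper's rule base).
RULES = [re.compile(p, re.I) for p in (r"union\s+select", r"<script", r"\.\./")]
# Constructed sample of benign request URLs used to build the normal behavior library.
NORMAL = ["/index.html", "/about.html", "/news.html", "/item?id=12", "/item?id=97",
          "/search?q=shoes&page=2", "/search?q=boots&page=1", "/login?user=amy"]

def features(url):
    # Assumed features: decoded length, non-alphanumeric count, number of '=' signs.
    u = unquote_plus(url)
    return (len(u), sum(not c.isalnum() for c in u), u.count("="))

def nearest(point, centroids):
    return min(math.dist(point, c) for c in centroids)

def kmeans(points, k, rounds=20):
    # Deterministic initialisation: evenly spaced picks from the sorted unique points.
    uniq = sorted(set(points))
    centroids = uniq[:: max(1, len(uniq) // k)][:k]
    for _ in range(rounds):
        groups = [[] for _ in centroids]
        for p in points:
            i = min(range(len(centroids)), key=lambda j: math.dist(p, centroids[j]))
            groups[i].append(p)
        centroids = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                     for g, c in zip(groups, centroids)]
    return centroids

def build_normal_library(normal_urls, k=2, slack=1.5):
    pts = [features(u) for u in normal_urls]
    cents = kmeans(pts, k)
    # Anything further than slack * (worst training distance) from every centroid is abnormal.
    radius = slack * max(nearest(p, cents) for p in pts)
    return cents, radius

def classify(url, library):
    # Stage 1: misuse detection on the decoded URL, so percent-encoding does not hide a match.
    if any(r.search(unquote_plus(url)) for r in RULES):
        return "misuse"
    # Stage 2: logs the rules did not flag get the second check against the normal library.
    cents, radius = library
    return "anomaly" if nearest(features(url), cents) > radius else "normal"

if __name__ == "__main__":
    lib = build_normal_library(NORMAL)
    for u in ("/item?id=45", "/item?id=1%20UNION%20SELECT%20x", "/item?id=" + "9" * 200):
        print(classify(u, lib), u[:40])
```

The features are left unscaled, so URL length dominates the distance; normalising each feature over the training logs would be the first refinement on real data.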