A general framework for adaptive and online detection of web attacks
Source
International World Wide Web Conference archive
Proceedings of the 18th international conference on World wide web table of contents
Madrid, Spain
POSTER SESSION: Thursday, April 23, 2009 table of contents
Pages 1141-1142  
Year of Publication: 2009
ISBN:978-1-60558-487-4
Authors
Wei Wang  Project AxIS, INRIA Sophia Antipolis, Sophia Antipolis, France
Florent Masseglia  Project AxIS, INRIA Sophia Antipolis, Sophia Antipolis, France
Thomas Guyet  Projet DREAM, IRISA, Rennes, France
Rene Quiniou  Projet DREAM, IRISA, Rennes, France
Marie-Odile Cordier  Projet DREAM, IRISA, Rennes, France
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 21,   Downloads (12 Months): 87,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1526709.1526897

ABSTRACT

Detection of web attacks is an important issue in the current defense-in-depth security framework. In this paper, we propose a novel general framework for adaptive and online detection of web attacks. The general framework can be based on any online clustering method. A detection model based on the framework is able to learn online and deal with "concept drift" in web audit data streams. Str-DBSCAN, our extension of DBSCAN to streaming data, and StrAP are both used to validate the framework. The detection model based on the framework automatically labels the web audit data and adapts to changes in normal behavior while identifying attacks through dynamic clustering of the streaming data. A very large set of real HTTP log data collected in our institute is used to validate the framework and the model. The preliminary testing results demonstrate its effectiveness.

