Attacks against web servers and web-based applications remain a serious global network security threat. Attackers are able to compromise web services, collect confidential information from web databases, and interrupt or completely paralyze web servers. In this study, we consider the analysis of HTTP logs for the detection of network intrusions. First, a training set of HTTP requests which does not contain any attacks is analyzed. When all relevant information has been extracted from the logs, several clustering and anomaly detection algorithms are employed to describe the model of normal user behavior. This model is then used to detect network attacks as deviations from the norms in an online mode. The simulation results presented show that, compared to other data mining algorithms, the method results in a higher accuracy rate.
Zolotukhin Mikhail, Hämäläinen Timo, Kokkonen Tero, Siltanen Jarmo
M. Zolotukhin, T. Hämäläinen, T. Kokkonen and J. Siltanen, “Analysis of HTTP Requests for Anomaly Detection of Web Attacks,” 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing, Dalian, 2014, pp. 406-411.
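
The workflow the abstract describes (learn normal behavior from attack-free HTTP logs, then flag deviations) can be sketched as follows. This is an added example, not the paper's code. It swaps in a simple per-resource mean/standard-deviation model in place of the clustering and anomaly detection algorithms the authors evaluate, and the log lines, features, floors and threshold are all assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit, unquote

# Constructed, attack-free training lines in Common Log Format (not real traffic).
TRAIN = [
    '10.0.0.5 - - [01/Jan/2014:10:00:00 +0000] "GET /search?q=red+shoes&page=1 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2014:10:00:03 +0000] "GET /search?q=laptop&page=2 HTTP/1.1" 200 498',
    '10.0.0.7 - - [01/Jan/2014:10:00:09 +0000] "GET /search?q=blue+jeans&page=3 HTTP/1.1" 200 530',
    '10.0.0.5 - - [01/Jan/2014:10:00:15 +0000] "GET /search?q=phone+case&page=1 HTTP/1.1" 200 505',
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def features(line):
    """Return (path, [query length, share of non-alphanumeric characters]) or None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    query = unquote(url.query)  # decode %XX so the query is measured as the application sees it
    special = sum(not c.isalnum() for c in query)
    return url.path, [len(query), special / len(query) if query else 0.0]

def train(lines):
    """Learn per-resource (mean, std) of each feature from attack-free requests."""
    rows = defaultdict(list)
    for line in lines:
        parsed = features(line)
        if parsed:
            rows[parsed[0]].append(parsed[1])
    return {path: [(mean(col), pstdev(col)) for col in zip(*vals)]
            for path, vals in rows.items()}

def score(model, line, floors=(4.0, 0.05)):
    """Largest per-feature deviation in std units; inf for unparsable or unseen resources."""
    parsed = features(line)
    if parsed is None or parsed[0] not in model:
        return float("inf")
    # The floors (assumed values) stop near-zero training variance from inflating scores.
    return max(abs(x - mu) / max(sd, floor)
               for x, (mu, sd), floor in zip(parsed[1], model[parsed[0]], floors))

def is_anomalous(model, line, threshold=3.0):
    return score(model, line) > threshold

MODEL = train(TRAIN)
```

A resource that never appeared in the training set scores infinity, so the model has to be retrained on clean logs whenever the application gains new pages.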