
A Novel Framework for Active Detection of HTTP Based Attacks

  • Conference paper
Communication Systems and Information Technology

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 100)

Abstract

Web application vulnerabilities represent a substantial portion of the security exposures of computer networks. Because the HTTP protocol is stateless, we explore how effectively an HTTP-session model can describe HTTP behavior. Based on the HTTP-session model and an analysis of HTTP attack behavior, we present a novel framework to actively detect HTTP attacks. Our method takes HTTP requests as input and outputs an anomaly probability for each session attribute and for the session as a whole. All the probabilities are weighted and summed to produce a final probability, which is used to decide whether the HTTP session is an attack. We demonstrate the effectiveness of the proposed methods via simulation studies using real-world web access logs. Experiments prove that our detection framework achieves high detection rates with very few false positives.
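The pipeline the abstract outlines (requests grouped into sessions, a per-attribute anomaly probability, a weighted sum, a threshold decision) can be sketched as follows. This is an added example, not the authors' code: the three session attributes, the baseline statistics, the weights, the threshold, the idle timeout and the log format are all assumptions chosen for illustration.

```python
import math
from datetime import datetime

# All constants below are assumptions for illustration, not values from the paper.
IDLE_TIMEOUT = 1800                       # seconds of inactivity that end a session
WEIGHTS = {"rate": 0.3, "error_ratio": 0.4, "path_len": 0.3}   # sum to 1
THRESHOLD = 0.5
# Constructed (mean, std) per attribute, standing in for a model trained on benign logs.
BASELINE = {"rate": (6.0, 6.0), "error_ratio": (0.05, 0.05), "path_len": (20.0, 10.0)}

# Constructed access log: "ISO-timestamp client method path status".
SAMPLE_LOG = [
    "2011-01-01T10:00:00 10.0.0.5 GET /index.html 200",
    "2011-01-01T10:00:30 10.0.0.5 GET /products?id=3 200",
    "2011-01-01T10:01:00 10.0.0.5 GET /cart 200",
    "2011-01-01T12:30:00 10.0.0.5 GET /index.html 200",   # idle gap: new session
] + [f"2011-01-01T10:05:{i:02d} 10.0.0.9 GET /search?q={'A' * 60} 404" for i in range(30)]

def parse(line):
    ts, client, _method, path, status = line.split()
    return datetime.fromisoformat(ts), client, path, int(status)

def sessionize(lines):
    """Rebuild sessions from stateless requests: per client, split on idle gaps."""
    sessions, current = [], {}
    for ts, client, path, status in sorted(map(parse, lines)):
        sess = current.get(client)
        if sess is None or (ts - sess["reqs"][-1][0]).total_seconds() > IDLE_TIMEOUT:
            sess = current[client] = {"client": client, "reqs": []}
            sessions.append(sess)
        sess["reqs"].append((ts, path, status))
    return sessions

def attributes(sess):
    reqs = sess["reqs"]
    minutes = max((reqs[-1][0] - reqs[0][0]).total_seconds(), 60.0) / 60.0
    return {"rate": len(reqs) / minutes,                                  # requests per minute
            "error_ratio": sum(s >= 400 for _, _, s in reqs) / len(reqs),
            "path_len": sum(len(p) for _, p, _ in reqs) / len(reqs)}

def anomaly_probability(value, mean, std):
    """0 at or below the baseline mean, approaching 1 as the value rises far above it."""
    z = max(0.0, (value - mean) / std)
    return 1.0 - math.exp(-z * z / 2.0)

def score(sess):
    """Return (per-attribute probabilities, weighted sum, attack decision)."""
    per_attr = {k: anomaly_probability(v, *BASELINE[k]) for k, v in attributes(sess).items()}
    total = sum(WEIGHTS[k] * p for k, p in per_attr.items())
    return per_attr, total, total > THRESHOLD

if __name__ == "__main__":
    for s in sessionize(SAMPLE_LOG):
        print(s["client"], len(s["reqs"]), score(s)[1:])
```

Because the weights sum to 1 and each per-attribute value lies in [0, 1), the final score stays in the same range, so the threshold can be tuned directly against the false-positive rate observed on benign logs.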

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jie, L., Jianwei, S., Changzhen, H. (2011). A Novel Framework for Active Detection of HTTP Based Attacks. In: Ma, M. (eds) Communication Systems and Information Technology. Lecture Notes in Electrical Engineering, vol 100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21762-3_53

  • DOI: https://doi.org/10.1007/978-3-642-21762-3_53

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21761-6

  • Online ISBN: 978-3-642-21762-3

  • eBook Packages: Engineering, Engineering (R0)
