Abstract
Considering the protection requirements of large organizations for multiple web applications, we design and implement an attack detection system. The system is built on the big data platform, which is highly scalable. It adopts the network-traffic-based detection, capturing, parsing and analyzing the HTTP packets passing by in real time. By analyzing historical data, we are able to get application-specific access patterns, which can help domain experts find out anomalies efficiently. Besides, based on the labels given by domain experts, semi-supervised learning is applied to build attack detection classifier. The system is deployed in the real network of our university and has detected dozens of attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
J Mchugh,A Christie,J Allen. Defending Yourself: The Role of Intrusion Detection Systems. IEEE Software, 2000, 17(5):42-51
D Barbará,J Couto,S Jajodia,L Popyack,N Wu. ADAM: Detecting Intrusions by Data Mining. Proceedings of the IEEE Workshop on Information Security, 2001:11–16
Y Gu, A Mccallum, D Towsley. Detecting anomalies in network traffic using maximum entropy estimation. ACM Sigcomm Conference on Internet Measurement, 2005:345-350
J Yu, H Lee, MS Kim, D Park. Traffic flooding attack detection with SNMP MIB using SVM. Computer Communications, 2008, 31(17):4212-4219
J Zhang, M Zulkernine. A Hybrid Network Intrusion Detection Technique Using Random Forests. International Conference on Availability, 2006, 37(8):262-269
G Jia, G Cheng, DM Gangahar,DK Agrawal. Traffic anomaly detection using k-means clustering. In. GI/ITG workshop MMBnet
SR Gaddam, VV Phoha, KS Balagani. K-Means+ID3: A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods. IEEE Transactions on Knowledge & Data Engineering, 2007, 19(3):345-354
X. Zhu. Semi-supervised learning literature survey. Technical Report 1530, Department of Computer Sciences, University of Wisconsin at Madison, Madison, WI, Apr. 2006.
O. Chapelle, B. Schölkopf, A. Zien, eds. Semi-Supervised Learning, Cambridge, MA: MIT Press, 2006
M Almgren, E Jonsson. Using active learning in intrusion detection. Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW’04)
J Kreps, L Corp, N Narkhede, J Rao, L Corp: Kafka: a distributed messaging system for log processing. NetDB’11, Athens, 2011
S Ghemawat: The Google file system. ACM SIGOPS Operating Systems Review, 2003, 37(5):29-43
F Chang, J Dean, S Ghemawat, WC Hsieh, DA Wallach: Bigtable:a distributed storage system for structured data. ACM Transactions on Computer Systems, 2008, 26(2):205–218
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Jin, X., Yin, C., Yang, P., Cui, B. (2017). An Attack Detection System for Multiple Web Applications Based on Big Data Platform. In: Barolli, L., Xhafa, F., Yim, K. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 2. Springer, Cham. https://doi.org/10.1007/978-3-319-49106-6_35
Download citation
DOI: https://doi.org/10.1007/978-3-319-49106-6_35
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49105-9
Online ISBN: 978-3-319-49106-6
eBook Packages: EngineeringEngineering (R0)