Intrusion Detection and Avoidance for a Heterogeneous Cluster of Web Sites

  • Darren RamsookEmail author
  • Patrick Hosein
  • Akash Pooransingh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11938)


This paper outlines the design of a Hybrid Intrusion Detection System for a Web-Server hosting a heterogeneous cluster of web sites. This system was trained using the Classification and Regression Tree (CART) technique, with the Gini index as the measure of impurity, and allows for a headless operation once deployed. The model utilizes information that was mined from the Access logs of a web server. The system automatically performs pre-processing, classification and the blacklisting of those IP addresses deemed to be harmful. This model relies on the correlation between the server issued status codes, HTTP Methods, types of files being accessed, the geographical location of the client and the prospect of that being malicious. This system, which was made open source for both public use and development, achieved an accuracy score of 94.5% on the test set. This paper is aimed to Internet as a complex network Conference.


Intrusion detection IP Blacklist Decision tree Geolocation 


  1. 1.
  2. 2.
    Breiman, L.: Classification and Regression Trees. Routledge, New York (2017)CrossRefGoogle Scholar
  3. 3.
    Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153–1176 (2016). Scholar
  4. 4.
    DarrenR96: Darrenr96/ai-apache-server-intrusion-detection-and-avoidance, May 2019.
  5. 5.
    Grace, L., Maheswari, V., Nagamalai, D.: Analysis of web logs and web user in web mining. arXiv preprint: arXiv:1101.5668 (2011)
  6. 6.
    IPInfoDB: IP info, IP geolocation tools and API.
  7. 7.
    Jaccard, P.: Nouvelles recherches sur la distribution florale. Bull. Soc. Vaud. Sci. Nat. 44, 223–270 (1908)Google Scholar
  8. 8.
    Pamnani, R., Chawan, P.: Web usage mining: a research area in web mining. In: Proceedings of ISCET, pp. 73–77 (2010)Google Scholar
  9. 9.
    Radware: Radware’s 2018-2019 global application & network security report (2018). Accessed 20 Apr 2019
  10. 10.
    Singh, N., Jain, A., Raw, R.S., Raman, R.: Detection of web-based attacks by analyzing web server log files. In: Mohapatra, D.P., Patnaik, S. (eds.) Intelligent Computing, Networking, and Informatics. AISC, vol. 243, pp. 101–109. Springer, New Delhi (2014). Scholar
  11. 11.
    Suneetha, K., Krishnamoorthi, R.: Identifying user behavior by analyzing web server access log file. IJCSNS Int. J. Comput. Sci. Netw. Secur. 9(4), 327–332 (2009)Google Scholar
  12. 12.
    Tharshini, M., Ragavinodini, M., Senthilkumar, R.: Access log anomaly detection. In: 2017 Ninth International Conference on Advanced Computing (ICoAC), pp. 375–381. IEEE (2017)Google Scholar
  13. 13.
    Thuraisingham, B., Khan, L., Masud, M.M., Hamlen, K.W.: Data mining for security applications. In: 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, vol. 2, pp. 585–589. IEEE (2008)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.The University of the West IndiesSt. AugustineTrinidad

Personalised recommendations