Analysis and classification of web proxy logs based on patterns of traffic rates

Author

Kiatkumjounwong, Nattapol ; Ngamsuriyaroj, Sudsanguan ; Plangprasopchok, Anon ; Hoonlor, Apirak

Author_Institution

Fac. of Inf. & Commun. Technol., Mahidol Univ., Nakhon Pathom, Thailand

fYear

2014

fDate

22-25 Oct. 2014

Firstpage

1

Lastpage

5

Abstract

Logs are typically used for performing post mortem for abnormal activities. Most Internet service providers keep the history of users´ web accesses in terms of proxy logs for investigating a misuse or fraud. However, the majority of the logs represent normal behavior, and no thorough analysis of such logs is usually performed, keeping them on storage would consume very big space. This paper analyzes the characteristics of such logs and classifies them into normal, medium, high and burst rate using five main attributes: IP address, bandwidth, duration, file category, and file type. Our experimental results show different rates for each file type in five popular file categories. The results will be used in classifying web access logs and filtering out abnormal from normal logs so that only abnormal logs are kept for fast investigation.

Keywords

Internet; information analysis; pattern classification; IP address attribute; Internet service providers; Web proxy logs analysis; Web proxy logs classification; bandwidth attribute; duration attribute; file category attribute; file type attribute; traffic rate pattern; Algorithm design and analysis; Bandwidth; Clustering algorithms; Data mining; IP networks; Itemsets; Servers; Burst rate traffic; Traffic Rate classification; Web proxy logs;

fLanguage

English

Publisher

ieee

Conference_Titel

TENCON 2014 - 2014 IEEE Region 10 Conference

Conference_Location

Bangkok

ISSN

2159-3442

Print_ISBN

978-1-4799-4076-9

Type

conf

DOI

10.1109/TENCON.2014.7022457

Filename

7022457