Title :
Online Anomaly Detection Based on Web Usage Mining
Author :
Xie, Yi ; Tang, Shensheng
Author_Institution :
Sch. of Inf. Sci. & Technol., Sun Vat-Sen Univ., Guangzhou, China
Abstract :
HTTP-based Web applications form a universal platform for modern network services. Due to its importance, more and more network attacks migrate to this platform. Among the known application-layer attacks, the web-based Distributed Denial of Service (DDoS) attack is a typical network threat. Despite the widespread success of many methods in this field, most existing approaches are static and fail to monitor the time-varying user- and attacker-behavior. Motivated by this challenge, a new dynamic hidden semi-Markov model is proposed to model the time-varying user-behavior. An efficient algorithm is introduced to realize the online automatic update of model´s parameters. Based on the proposed dynamic behavior model, an anomaly detection scheme is proposed to detect the Web-based distributed denial of service attack. Experiments based on a real traffic data are conducted to validate our model and algorithms.
Keywords :
Internet; Markov processes; data mining; hypermedia; internal stresses; security of data; transport protocols; DDoS attack; HTTP-based Web applications; Web usage mining; Web-based distributed denial of service attack; anomaly detection scheme; application-layer attacks; attacker-behavior; dynamic behavior model; dynamic hidden semi-Markov model; network services; online anomaly detection; online automatic update; real traffic data; time-varying user-behavior; universal platform; Computational modeling; Computer crime; Data models; Entropy; Hidden Markov models; Information filters; Mining; Online Anomaly detection; Web usage;
Conference_Titel :
Parallel and Distributed Processing Symposium Workshops & PhD Forum (IPDPSW), 2012 IEEE 26th International
Conference_Location :
Shanghai
Print_ISBN :
978-1-4673-0974-5
DOI :
10.1109/IPDPSW.2012.143
