Title :
HTTP-session Model and Its Application in Anomaly HTTP Traffic Detection
Author :
Xie, Yi ; Huang, Xiangnong
Author_Institution :
Dept. of Electr. & Commun. Eng., Sun Yat-Sen Univ., Guangzhou, China
Abstract :
Different from most existing studies on Web session identification for commerce purposes, a novel dynamic real time HTTP-session processes description method is presented in this paper for detecting the anomaly HTTP traffic for network boundary. The proposed scheme doesn´t rely on presupposed threshold and client/server-side data which are widely used in traditional session detection approaches. A new parameter is defined based on inter-arrival time of HTTP requests. A nonlinear algorithm is introduced for quantization. Trained by the quantized sequences, nonparametric hidden Markov model with explicit state duration is applied to cluster and scout the HTTP-session processes. A probability function is derived for predicting HTTP-session processes. The deviation between the prediction result and the real observation is used for sham Web behavior detection. Experiments based on real HTTP traces of large-scale Web proxies are implemented to valid the proposal.
Keywords :
hidden Markov models; hypermedia; probability; telecommunication traffic; transport protocols; HTTP-session model; HTTP-session process description method; Web proxy; Web session identification; anomaly HTTP traffic detection; commerce; explicit state duration; inter-arrival time; network boundary; nonlinear algorithm; nonparametric hidden Markov model; probability function; quantized sequences; sham Web behavior detection;
Conference_Titel :
Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-8125-5
Electronic_ISBN :
978-0-7695-4189-1
DOI :
10.1109/SKG.2010.24
