DocumentCode :
128459
Title :
Web attack detection using entropy-based analysis
Author :
Threepak, T. ; Watcharapupong, A.
Author_Institution :
Dept. of Comput. Eng., King Mongkut's Inst. of Technol. Ladkrabang, Bangkok, Thailand
fYear :
2014
fDate :
10-12 Feb. 2014
Firstpage :
244
Lastpage :
247
Abstract :
Web attacks are increasing in both magnitude and complexity. In this paper, we try to use Shannon entropy analysis to detect these attacks. Our approach examines web access logging text using the principle that web attacking scripts usually have more sophisticated request patterns than legitimate ones. The risk level of attacking incidents is indicated by the average (AVG) and standard deviation (SD) of each entropy period, i.e., the Alpha and Beta lines, which are equal to AVG-SD and AVG-2*SD, respectively. They represent boundaries in the detection scheme. As a result, our technique is not only a highly accurate procedure for investigating anomalous web request behaviors, but is also useful for pruning huge application access log files and focusing on potentially intrusive events. The experiments show that our proposed process can detect anomalous requests in a web application system with proper effectiveness and a low false alarm rate.
Keywords :
entropy; security of data; AVG-SD; Shannon entropy analysis; Web access logging text; Web attack detection; Web attacking scripts; Web request anomaly behaviors; entropy-based analysis; intrusive events; standard deviation; Complexity theory; Entropy; Equations; Intrusion detection; Mathematical model; Standards; Anomaly Detection; Entropy Analysis; Information Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Networking (ICOIN), 2014 International Conference on
Conference_Location :
Phuket
Type :
conf
DOI :
10.1109/ICOIN.2014.6799699
Filename :
6799699
Link To Document :