Detection of HTTP-GET attack with clustering and information theoretic measurements

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7743 LNCS, Issue , 2013, Pages 45-61

  Chwalinski, Pawel ^a   Belavkin, Roman ^a   Cheng, Xiaochun ^a  

^a MIDDLESEX UNIVERSITY   (United Kingdom)

Author keywords

Clustering; HTTP GET Attack; Information Theory; Intrusion Detection

Indexed keywords

CLUSTERING; CLUSTERING TECHNIQUES; ENTROPY-BASED; HTTP PROTOCOLS; HTTP-GET ATTACK; WEB SERVERS;

HTTP; INFORMATION THEORY; INTRUSION DETECTION; WORLD WIDE WEB;

HYPERTEXT SYSTEMS;

EID: 84875966213     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-37119-6_4     Document Type: Conference Paper

References (27)

1. Anderson, C.R., Domingos, P., Weld, D.S.: Adaptive web navigation for wireless devices. In: Proceedings of the 17th International Joint Conference on Artificial Intelligence, vol. 2, pp. 879-884. Morgan Kaufmann Publishers Inc., San Francisco (2001)
2. Ariu, D., Tronci, R., Giacinto, G.: Hmmpayl: An intrusion detection system based on hidden markov models. Computers and Security 30(4), 221-241 (2011)
3. Barbará, D., Li, Y., Couto, J.: Coolcat: an entropy-based algorithm for categorical clustering. In: Proceedings of the Eleventh International Conference on Information and knowledge Management, CIKM 2002, pp. 582-589. ACM, New York (2002)
4. de Boer, P.-T., Kroese, D., Mannor, S., Rubinstein, R.: A tutorial on the cross-entropy method. Annals of Operations Research 134, 19-67 (2005), doi:10.1007/s10479-005-5724-z
5. Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 13(2), 222-232 (1987)
6. Ingham, K.L., Somayaji, A., Burge, J., Forrest, S.: Learning dfa representations of http for protecting web applications. Computer Networks 51(5), 1239-1255 (2007); From Intrusion Detection to Self-Protection
7. Jalali, M., Mustapha, N., Nasir Sulaiman, M., Mamat, A.: Webpum: A web-based recommendation system to predict user future movements. Expert Systems with Applications 37(9), 6201-6212 (2010)
8. Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proceedings of the 11th International Conference on World Wide Web, WWW 2002, pp. 293-304. ACM, New York (2002)
9. Kruegel, C., Vigna, G., Robertson, W.: A multi-model approach to the detection of web-based attacks. Comput. Netw. 48(5), 717-738 (2005)
10. Kullback, S., Leibler, R.A.: On Information and Sufficiency. The Annals of Mathematical Statistics 22(1), 79-86 (1951)
11. Kumar, P., Radha Krishna, P., Bapi, R.S., Kumar De, S.: Rough clustering of sequential data. Data and Knowledge Engineering 63(2), 183-199 (2007)
12. Lee, C.-H., Lo, Y.L., Fu, Y.-H.: A novel prediction model based on hierarchical characteristic of web site. Expert Systems with Applications 38(4), 3422-3430 (2011)
13. Lee, S., Kim, G., Kim, S.: Sequence-order-independent network profiling for detecting application layer ddos attacks. EURASIP Journal on Wireless Communications and Networking 2011(1), 50 (2011)
14. Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Trans. Inf. Syst. Secur. 3, 227-261 (2000)
15. Lee, W., Xiang, D.: Information-theoretic measures for anomaly detection. In: IEEE Symposium on Security and Privacy, pp. 130-143 (2001)
16. Li, T., Ma, S., Ogihara, M.: Entropy-based criterion in categorical clustering. In: Proceedings of the Twenty-First International Conference on Machine Learning, ICML 2004, pp. 68-75. ACM, New York (2004)
17. Mao, C.-H., Pao, H.-K., Faloutsos, C., Lee, H.-M.: Sbad: Sequence based attack detection via sequence comparison. In: PSDML, pp. 78-91 (2010)
18. Shannon, C.E.: A mathematical theory of communication. Bell System Technical Journal 27 (1948)
19. Speiser, M., Antonini, G., Labbi, A., Sutanto, J.: On nested palindromes in clickstream data. In: Proceedings of the 18th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2012, pp. 1460-1468. ACM, New York (2012)
20. Srivatsa, M., Iyengar, A., Yin, J., Liu, L.: Mitigating application-level denial of service attacks on Web servers: A client-transparent approach. ACM Trans. Web 2, 15:1-15:49 (2008)
21. Stevanovic, D., Vlajic, N., An, A.: Unsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users. Procedia CS 5, 123-131 (2011)
22. Stevanovic, D., Vlajic, N., An, A.: Detection of malicious and non-malicious website visitors using unsupervised neural network learning. Applied Soft Computing (2012)
23. Strehl, A., Ghosh, J., Mooney, R.: Impact of Similarity Measures on Web-page Clustering. In: Proceedings of the 17th National Conference on Artificial Intelligence: Workshop of Artificial Intelligence for Web Search (AAAI 2000), Austin, Texas, USA, July 30-31, pp. 58-64. AAAI (July 2000)
24. Tan, Z., Jamdagni, A., He, X., Nanda, P., Liu, R.P., Jia, W., Yeh, W.-C.: A Two-Tier System for Web Attack Detection Using Linear Discriminant Method. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 459-471. Springer, Heidelberg (2010)
25. Ulmer, C., Gokhale, M., Gallagher, B., Top, P., Eliassi-Rad, T.: Massively parallel acceleration of a document-similarity classifier to detect web attacks. Journal of Parallel and Distributed Computing 71(2), 225-235 (2011); Data Intensive Computing
26. Xie, Y., Yu, S.-Z.: A Novel Model for Detecting Application Layer DDoS Attacks. In: Proceedings of the First International Multi-Symposiums on Computer and Computational Sciences (IMSCCS 2006), vol. 2, pp. 56-63. IEEE Computer Society, Washington, DC (2006)
27. Xie, Y., Yu, S.-Z.: Monitoring the application-layer DDoS attacks for popular websites. IEEE/ACM Trans. Netw. 17, 15-25 (2009)