An on-line learning statistical model to detect malicious web requests

Publikation: Beitrag in Buch/Bericht/TagungsbandKonferenzbeitragBegutachtung

6 Zitate (Scopus)

Abstract

Detecting malicious connection attempts and attacks against web-based applications is one of many approaches to protect the World Wide Web and its users. In this paper, we present a generic method for detecting anomalous and potentially malicious web requests from the network's point of view without prior knowledge or training data of the web-based application. The algorithm assumes that a legitimate request is an ordered sequence of semantic entities. Malicious requests are in different order or include entities which deviate from the structure of the majority of requests. Our method learns a variable-order Markov model from legitimate sequences of semantic entities. If a sequence's probability deviates from previously seen ones, it is reported as anomalous. Experiments were conducted on logs from a social networking web site. The results indicate that that the proposed method achieves good detection rates at acceptable false-alarm rates.

OriginalspracheEnglisch
TitelSecurity and Privacy in Communication Networks - 7th International ICST Conference, SecureComm 2011, Revised Selected Papers
Seiten19-38
Seitenumfang20
Band96
Auflage96
DOIs
PublikationsstatusVeröffentlicht - 2012
Veranstaltung7th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2011 - London, Großbritannien/Vereinigtes Königreich
Dauer: 7 Sep 20119 Sep 2011

Publikationsreihe

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Band96 LNICST
ISSN (Print)1867-8211

Konferenz

Konferenz7th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2011
Land/GebietGroßbritannien/Vereinigtes Königreich
OrtLondon
Zeitraum07.09.201109.09.2011

Fingerprint

Untersuchen Sie die Forschungsthemen von „An on-line learning statistical model to detect malicious web requests“. Zusammen bilden sie einen einzigartigen Fingerprint.

Zitieren