@inproceedings{b02b723751184b9f85d8a6ec40a6cacb,
title = "An on-line learning statistical model to detect malicious web requests",
abstract = "Detecting malicious connection attempts and attacks against web-based applications is one of many approaches to protect the World Wide Web and its users. In this paper, we present a generic method for detecting anomalous and potentially malicious web requests from the network's point of view without prior knowledge or training data of the web-based application. The algorithm assumes that a legitimate request is an ordered sequence of semantic entities. Malicious requests are in different order or include entities which deviate from the structure of the majority of requests. Our method learns a variable-order Markov model from legitimate sequences of semantic entities. If a sequence's probability deviates from previously seen ones, it is reported as anomalous. Experiments were conducted on logs from a social networking web site. The results indicate that that the proposed method achieves good detection rates at acceptable false-alarm rates.",
keywords = "anomaly detection, intrusion detection, Markov model, on-line learning, web security",
author = "Harald Lampesberger and Philipp Winter and Markus Zeilinger and Eckehard Hermann",
note = "Copyright: Copyright 2012 Elsevier B.V., All rights reserved.; 7th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2011 ; Conference date: 07-09-2011 Through 09-09-2011",
year = "2012",
doi = "10.1007/978-3-642-31909-9_2",
language = "English",
isbn = "9783642319082",
volume = "96",
series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering",
pages = "19--38",
booktitle = "Security and Privacy in Communication Networks - 7th International ICST Conference, SecureComm 2011, Revised Selected Papers",
edition = "96",
}