

A Hybrid Intrusion Detection Model for Web Log-Based Attacks
Abstract
Attacks against web-based applications are one of the most serious network security threats. Web-based attacks are now so complex that a single detection method cannot cope with emerging attacks. Motivated by this, we efficiently merge misuse detection and anomaly detection, and propose a hybrid intrusion detection model for web log-based attacks. In this hybrid model, malicious logs that the misuse detection model fails to detect are loaded into the anomaly detection model for a second check. First, we analyze the inherent features of HTTP logs and set up a rule base to identify known web log-based attacks. Second, we apply the K-means clustering algorithm from data mining to the logs to construct a normal behavior library that distinguishes normal behavior from abnormal behavior. Finally, we evaluate the performance of our solution using massive realistic web logs. The experimental results demonstrate the effectiveness of our hybrid model, which simultaneously achieves a high detection rate and a low false alarm rate.
Keywords
Web log attack; Intrusion detection; Misuse detection; Anomaly detection; K-means clustering
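The two-stage flow described in the abstract, as an added sketch that is not the authors' code: requests are checked against signature rules first, and anything that passes is compared with K-means clusters built from normal traffic. The rule patterns, the two-value feature vector, the `slack` threshold factor and the sample URLs are all assumptions made for illustration; the paper's own rule base and features are not given on this page.

```python
import math
import re
from urllib.parse import unquote

# Assumed signature rules standing in for the paper's rule base.
RULES = [re.compile(p, re.I) for p in (r"union\s+select", r"<script", r"\.\./")]

def features(url):
    """Assumed feature vector: decoded length and count of unusual characters."""
    u = unquote(url)
    return (len(u), sum(not c.isalnum() and c not in "/.?=&_-" for c in u))

def nearest(p, cents):
    return min(math.dist(p, c) for c in cents)

def kmeans(points, k, iters=20):
    """Lloyd's algorithm with deterministic, evenly spread initial centroids."""
    distinct = sorted(set(points))
    cents = [distinct[i * (len(distinct) - 1) // max(k - 1, 1)] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda j: math.dist(p, cents[j]))].append(p)
        cents = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                 for g, c in zip(groups, cents)]
    return cents

class HybridDetector:
    def __init__(self, normal_urls, k=2, slack=3.0):
        pts = [features(u) for u in normal_urls]
        self.cents = kmeans(pts, k)
        # Normal-behavior boundary: widest training distance times a slack factor.
        self.radius = slack * max(nearest(p, self.cents) for p in pts)

    def classify(self, url):
        if any(r.search(unquote(url)) for r in RULES):
            return "misuse"       # stage 1: known signature
        if nearest(features(url), self.cents) > self.radius:
            return "anomaly"      # stage 2: far from every normal cluster
        return "normal"

# Constructed sample of normal request URLs (not data from the paper).
NORMAL = ["/index.html", "/about.html", "/news.html", "/search?q=shoes&page=2",
          "/search?q=books&page=10", "/search?q=phone&page=3"]

if __name__ == "__main__":
    det = HybridDetector(NORMAL)
    for url in ("/search?q=shirt&page=4", "/search?q=1%27%20UNION%20SELECT%20pass",
                "/search?q=" + "A" * 300):
        print(det.classify(url), url[:50])
```

The overlong query in the last sample matches no rule and is caught only by the second stage, which is the case the hybrid design targets.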
Citation Format:
Junwei Zou, Dan Tao, Jing Yu, "A Hybrid Intrusion Detection Model for Web Log-Based Attacks," Journal of Internet Technology, vol. 18, no. 4, pp. 887-895, Jul. 2017.
Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314 E-mail: jit.editorial@gmail.com