WWW2009 EPrints

A General Framework for Adaptive and Online Detection of Web Attacks

This item is a Poster.

Abstract

Detection of web attacks is an important issue in the current defense-in-depth security framework. In this paper, we propose a novel general framework for adaptive and online detection of web attacks. The general framework can be based on any online clustering method. A detection model based on the framework is able to learn online and deal with “concept drift” in web audit data streams. Str-DBSCAN, our extension of DBSCAN [1] to streaming data, and StrAP [3] are both used to validate the framework. The detection model based on the framework automatically labels the web audit data and adapts to changes in normal behavior while identifying attacks through dynamic clustering of the streaming data. A very large set of real HTTP log data collected in our institute is used to validate the framework and the model. The preliminary testing results demonstrated its effectiveness.
