title: A General Framework for Adaptive and Online Detection of Web Attacks
creator: Wang, Wei
creator: Masseglia, Florent
creator: Guyet, Thomas
creator: Quiniou, Rene
creator: Cordier, Marie-Odile
description: Detection of web attacks is an important issue in the current defense-in-depth security framework. In this paper, we propose a novel general framework for adaptive and online detection of web attacks. The general framework can be based on any online clustering method. A detection model based on the framework is able to learn online and deal with “concept drift” in web audit data streams. Str-DBSCAN, our extension of DBSCAN [1] to streaming data, and StrAP [3] are both used to validate the framework. The detection model based on the framework automatically labels the web audit data and adapts to normal behavior changes while identifying attacks through dynamic clustering of the streaming data. A very large set of real HTTP log data collected in our institute is used to validate the framework and the model. The preliminary testing results demonstrated its effectiveness.
date: 2009-04
type: Conference or Workshop Item
type: PeerReviewed
format: application/pdf
identifier: http://www2009.eprints.org/151/1/p1141.pdf
identifier: Wang, Wei <http://www2009.eprints.org/view/author/Wang=3AWei=3A=3A.html> and Masseglia, Florent <http://www2009.eprints.org/view/author/Masseglia=3AFlorent=3A=3A.html> and Guyet, Thomas <http://www2009.eprints.org/view/author/Guyet=3AThomas=3A=3A.html> and Quiniou, Rene <http://www2009.eprints.org/view/author/Quiniou=3ARene=3A=3A.html> and Cordier, Marie-Odile <http://www2009.eprints.org/view/author/Cordier=3AMarie-Odile=3A=3A.html> (2009) A General Framework for Adaptive and Online Detection of Web Attacks. In: 18th International World Wide Web Conference, April 20th-24th, 2009, Madrid, Spain.
relation: http://www2009.eprints.org/151/