%0 Conference Paper
%A Wang, Wei
%A Masseglia, Florent
%A Guyet, Thomas
%A Quiniou, Rene
%A Cordier, Marie-Odile
%B 18th International World Wide Web Conference
%C Madrid, Spain
%D 2009
%F www2009:151
%P 1141-1141
%T A General Framework for Adaptive and Online Detection of Web Attacks
%U http://www2009.eprints.org/151/
%X Detection of web attacks is an important issue in current  defense-in-depth security framework. In this paper, we pro-  pose a novel general framework for adaptive and online de-  tection of web attacks. The general framework can be based  on any online clustering methods. A detection model based  on the framework is able to learn online and deal with “con-  cept drift” in web audit data streams. Str-DBSCAN that we  extended DBSCAN [1] to streaming data as well as StrAP  [3] are both used to validate the framework. The detec-  tion model based on the framework automatically labels  the web audit data and adapts to normal behavior changes  while identifies attacks through dynamical clustering of the  streaming data. A very large size of real HTTP Log data col-  lected in our institute is used to validate the framework and  the model. The preliminary testing results demonstrated its  effectiveness.