TY  - CONF
ID  - www2009151
UR  - http://www2009.eprints.org/151/
A1  - Wang, Wei
A1  - Masseglia, Florent
A1  - Guyet, Thomas
A1  - Quiniou, Rene
A1  - Cordier, Marie-Odile
Y1  - 2009/04//
N2  - Detection of web attacks is an important issue in the current
defense-in-depth security framework. In this paper, we propose
a novel general framework for adaptive and online detection
of web attacks. The general framework can be based
on any online clustering method. A detection model based
on the framework is able to learn online and deal with
"concept drift" in web audit data streams. Str-DBSCAN, our
extension of DBSCAN [1] to streaming data, and StrAP
[3] are both used to validate the framework. The detection
model based on the framework automatically labels
the web audit data and adapts to normal behavior changes
while identifying attacks through dynamic clustering of the
streaming data. A very large set of real HTTP log data
collected in our institute is used to validate the framework and
the model. The preliminary testing results demonstrated its
effectiveness.

TI  - A General Framework for Adaptive and Online Detection of Web Attacks
SP  - 1141
M2  - Madrid, Spain
AV  - public
EP  - 1141
T2  - 18th International World Wide Web Conference
ER  -