creators_name: Wang, Wei
creators_name: Masseglia, Florent
creators_name: Guyet, Thomas
creators_name: Quiniou, Rene
creators_name: Cordier, Marie-Odile
type: conference_item
datestamp: 2009-04-06 19:13:17
lastmod: 2009-04-07 14:03:00
metadata_visibility: show
title: A General Framework for Adaptive and Online Detection of Web Attacks
ispublished: pub
full_text_status: public
pres_type: poster
abstract: Detection of web attacks is an important issue in current defense-in-depth security framework. In this paper, we propose a novel general framework for adaptive and online detection of web attacks. The general framework can be based on any online clustering methods. A detection model based on the framework is able to learn online and deal with “concept drift” in web audit data streams. Str-DBSCAN that we extended DBSCAN [1] to streaming data as well as StrAP [3] are both used to validate the framework. The detection model based on the framework automatically labels the web audit data and adapts to normal behavior changes while identifies attacks through dynamical clustering of the streaming data. A very large size of real HTTP Log data collected in our institute is used to validate the framework and the model. The preliminary testing results demonstrated its effectiveness.
date: 2009-04
pagerange: 1141-1141
event_title: 18th International World Wide Web Conference
event_location: Madrid, Spain
event_dates: April 20th-24th, 2009
event_type: conference
refereed: TRUE
citation: Wang, Wei and Masseglia, Florent and Guyet, Thomas and Quiniou, Rene and Cordier, Marie-Odile (2009) A General Framework for Adaptive and Online Detection of Web Attacks. In: 18th International World Wide Web Conference, April 20th-24th, 2009, Madrid, Spain.
document_url: http://www2009.eprints.org/151/1/p1141.pdf