GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS

Mikhail Zolotukhin; Timo Hämäläinen; Antti Juvonen

doi:10.5220/0003936606330642

GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS

Mikhail Zolotukhin, Timo Hämäläinen, Antti Juvonen

2012

Abstract

In modern networks HTTP clients request and send information using queries. Such queris are easy to manipulate to include malicious attacks which can allow attackers to corrupt a server or collect confidential information. In this study, the approach based on self-organizing maps is considered to detect such attacks. Feature matrices are obtained by applying n-gram model to extract features from HTTP requests contained in network logs. By learning on basis of these matrices, growing hierarchical self-organizing maps are constructed and by using these maps new requests received by the web-server are classified. The technique proposed allows to detect online HTTP attacks in the case of continuous updated web-applications. The algorithm proposed was tested using Logs, which were aquire acquired from a large real-life web-service and include normal and intrusive requests. As a result, almost all attacks from these logs have been detected, and the number of false alarms was very low at the same time.

Download

Paper Citation

in Harvard Style

Zolotukhin M., Hämäläinen T. and Juvonen A. (2012). GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS . In Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8565-08-2, pages 633-642. DOI: 10.5220/0003936606330642

in Bibtex Style

@conference{webist12,
author={Mikhail Zolotukhin and Timo Hämäläinen and Antti Juvonen},
title={GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS},
booktitle={Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2012},
pages={633-642},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003936606330642},
isbn={978-989-8565-08-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS
SN - 978-989-8565-08-2
AU - Zolotukhin M.
AU - Hämäläinen T.
AU - Juvonen A.
PY - 2012
SP - 633
EP - 642
DO - 10.5220/0003936606330642