GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS
Mikhail Zolotukhin, Timo Hämäläinen, Antti Juvonen
2012
Abstract
In modern networks, HTTP clients request and send information using queries. Such queries are easy to manipulate to include malicious attacks, which can allow attackers to corrupt a server or collect confidential information. In this study, an approach based on self-organizing maps is considered to detect such attacks. Feature matrices are obtained by applying an n-gram model to extract features from HTTP requests contained in network logs. By learning on the basis of these matrices, growing hierarchical self-organizing maps are constructed, and by using these maps new requests received by the web server are classified. The proposed technique allows online detection of HTTP attacks in the case of continuously updated web applications. The proposed algorithm was tested using logs which were acquired from a large real-life web service and include normal and intrusive requests. As a result, almost all attacks from these logs have been detected, and the number of false alarms was very low at the same time.
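The feature-extraction step described in the abstract can be illustrated as follows. This is an added example, not code from the paper or its authors. It assumes character 2-grams, Common Log Format input and constructed log lines, and it uses the distance to the nearest training row as a simple stand-in for a trained growing hierarchical self-organizing map.

```python
import re
from collections import Counter
from urllib.parse import unquote
# Constructed Common Log Format lines (not taken from the paper's data set).
TRAIN_LOG = [
    '10.0.0.5 - - [01/Jan/2012:10:00:01 +0000] "GET /shop/item?id=17&lang=en HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2012:10:00:02 +0000] "GET /shop/item?id=242&lang=fi HTTP/1.1" 200 498',
    '10.0.0.7 - - [01/Jan/2012:10:00:03 +0000] "GET /shop/item?id=9&lang=en HTTP/1.1" 200 530',
]
NEW_LOG = [
    '10.0.0.8 - - [01/Jan/2012:10:05:00 +0000] "GET /shop/item?id=31&lang=fi HTTP/1.1" 200 505',
    '10.0.0.9 - - [01/Jan/2012:10:05:01 +0000] "GET /shop/item?id=1%27%20OR%20%271%27=%271&lang=en HTTP/1.1" 200 9120',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')

def request_uri(line):
    """Percent-decoded request URI of one log line, or None if unparsable."""
    m = REQUEST_RE.search(line)
    return unquote(m.group(1)) if m else None

def ngrams(text, n=2):
    """Counts of overlapping character n-grams (n=2 is an assumption)."""
    return Counter(text[i:i + n] for i in range(len(text) - n + 1))

def feature_matrix(uris, vocab, n=2):
    """Row per request: relative frequency of each vocabulary n-gram, then
    one extra column with the share of n-grams never seen in training."""
    rows = []
    for uri in uris:
        counts = ngrams(uri, n)
        total = sum(counts.values()) or 1
        unseen = sum(c for g, c in counts.items() if g not in vocab)
        rows.append([counts[g] / total for g in vocab] + [unseen / total])
    return rows

def nearest_distance(row, train_rows):
    """Euclidean distance to the closest training row (stand-in for a map unit)."""
    return min(sum((a - b) ** 2 for a, b in zip(row, t)) ** 0.5 for t in train_rows)

def score_requests(train_log, new_log, n=2):
    """Return (vocab, train_rows, scores) for the new log lines."""
    train = [u for u in map(request_uri, train_log) if u]
    vocab = sorted(set().union(*(ngrams(u, n) for u in train)))
    train_rows = feature_matrix(train, vocab, n)
    new_rows = feature_matrix([u for u in map(request_uri, new_log) if u], vocab, n)
    return vocab, train_rows, [nearest_distance(r, train_rows) for r in new_rows]

if __name__ == "__main__":
    for line, s in zip(NEW_LOG, score_requests(TRAIN_LOG, NEW_LOG)[2]):
        print(f"{s:.3f}  {request_uri(line)}")
```

The second new request contains many 2-grams absent from the training requests, so its row lies far from every training row, while the first one stays close to them.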
Paper Citation
in Harvard Style
Zolotukhin M., Hämäläinen T. and Juvonen A. (2012). GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS. In Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8565-08-2, pages 633-642. DOI: 10.5220/0003936606330642
in Bibtex Style
@conference{webist12,
author={Mikhail Zolotukhin and Timo Hämäläinen and Antti Juvonen},
title={GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS},
booktitle={Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2012},
pages={633-642},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003936606330642},
isbn={978-989-8565-08-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - GROWING HIERARCHICAL SELF-ORGANISING MAPS FOR ONLINE ANOMALY DETECTION BY USING NETWORK LOGS
SN - 978-989-8565-08-2
AU - Zolotukhin M.
AU - Hämäläinen T.
AU - Juvonen A.
PY - 2012
SP - 633
EP - 642
DO - 10.5220/0003936606330642