Skip to Main content Skip to Navigation
New interface
Conference papers

A General Framework for Adaptive and Online Detection of Web attacks

Wei Wang 1 Florent Masseglia 2 Thomas Guyet 3 René Quiniou 3 Marie-Odile Cordier 3 
2 AxIS - Usage-centered design, analysis and improvement of information systems
CRISAM - Inria Sophia Antipolis - Méditerranée , Inria Paris-Rocquencourt
3 DREAM - Diagnosing, Recommending Actions and Modelling
Abstract : Detection of web attacks is an important issue in current defense-in-depth security framework. Many existing anomaly detection methods require a large amount of precisely labeled data to build a static model that is then used for attack detection. In practical environments, however, labeled data is very difficult to obtain. Moreover, the audit data for attack detection is typically streaming and the behavioral model is always evolving. Static detection models thus lead to considerable false positives. In this paper, we propose a novel general framework for adaptive and online detection of web attacks. The general framework can be based on any online clustering methods. A detection model based on the framework is able to learn online and deal with concept drift in web audit data streams. Str-DBSCAN that we extended DBSCAN [1] to streaming data as well as StrAP [3] are both used to validate the framework. The detection model based on the framework automatically labels the web audit data and adapts to normal behavior changes while identifies attacks through dynamical clustering of the streaming data. A very large size of real HTTP Log data collected in our institute is used to validate the framework and the model. The preliminary testing results demonstrated its effectiveness and efficiency.
Complete list of metadata
Contributor : Thomas Guyet Connect in order to contact the contributor
Submitted on : Thursday, March 4, 2010 - 3:28:01 PM
Last modification on : Tuesday, November 1, 2022 - 3:33:36 AM


  • HAL Id : inria-00461391, version 1


Wei Wang, Florent Masseglia, Thomas Guyet, René Quiniou, Marie-Odile Cordier. A General Framework for Adaptive and Online Detection of Web attacks. 18th International World Wide Web Conference - WWW 2009, Apr 2009, Madrid, Spain. ⟨inria-00461391⟩



Record views