Abstract
The growing popularity of publicly available web services is currently one of the driving forces behind so-called “web hacking” activities. The main contribution of this paper is a semi-unsupervised method for anomaly detection in HTTP traffic. We assume that during the learning phase (for the captured volume of HTTP traffic), only a small fraction of samples is labelled. Our experiments show that the proposed method allows us to achieve the ratios of true positive and false positive errors below 1 %.
Acknowledgments
This work was partially supported by Applied Research Programme (PBS) of the National Centre for Research and Development (NCBR) funds allocated for the Research Project number PBS1/A3/14/2012 (SECOR).
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Kozik, R., Choraś, M., Renk, R., Hołubowicz, W. (2016). Semi-unsupervised Machine Learning for Anomaly Detection in HTTP Traffic. In: Burduk, R., Jackowski, K., Kurzyński, M., Woźniak, M., Żołnierek, A. (eds) Proceedings of the 9th International Conference on Computer Recognition Systems CORES 2015. Advances in Intelligent Systems and Computing, vol 403. Springer, Cham. https://doi.org/10.1007/978-3-319-26227-7_72
DOI: https://doi.org/10.1007/978-3-319-26227-7_72
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26225-3
Online ISBN: 978-3-319-26227-7
eBook Packages: Engineering, Engineering (R0)