
Basic article information

  • Title: Detection and Prevention of Attacks from HTTP Server logs
  • Authors: Sandeep Kumar Tiwari ; Monika Soni ; Saurabh Sharma
  • Journal: International Journal of Innovative Research in Computer and Communication Engineering
  • Print ISSN: 2320-9798
  • Electronic ISSN: 2320-9801
  • Publication year: 2018
  • Volume: 6
  • Issue: 12
  • Pages: 9305-9313
  • DOI: 10.15680/IJIRCCE.2018.0612042
  • Publisher: S&S Publications
  • Abstract: Web site hacks are on the rise and pose a greater threat than the broad-based network attacks, as they threaten to steal critical customer, employee, and business partner information stored in applications and databases linked to the Web. We present an analysis of HTTP traffic in a large-scale environment which uses network flow monitoring extended by parsing HTTP requests. The increasing shift towards web applications opens new attack vectors. Traditional protection mechanisms like firewalls were not designed to protect web applications and thus do not provide adequate defence. It is possible for a web site to be visited by a regular user as a normal (natural) visit, to be viewed by crawlers, bots, spiders, etc. for indexing purposes, and lastly to be exploratorily scanned by malicious users prior to an attack. An attack-targeted web scan can be viewed as a phase of a potential attack and can lead to more attack detection as compared to traditional detection methods. In this work, we propose a method to detect attack-oriented scans and to distinguish them from other types of visits. In this context, we use access log files of Apache (or IIS) web servers and try to determine attack situations through examination of the past data and current web logs using timestamps. In addition to web scan detections, we insert a rule set to detect SQL Injection and XSS attacks. Our approach has been applied on sample data sets and results have been analyzed in terms of performance measures to compare our method and other commonly used detection and prevention techniques.
  • Keywords: web content mining; machine learning; feature extraction; support vector machine