Detection of Anomalous HTTP Requests Based on Advanced N-gram Model and Clustering Techniques

  • Conference paper
Internet of Things, Smart Spaces, and Next Generation Networking (ruSMART 2013, NEW2AN 2013)

Abstract

Nowadays HTTP servers and applications are some of the most popular targets for network attacks. In this research, we consider an algorithm for HTTP intrusion detection based on simple clustering algorithms and advanced processing of HTTP requests, which allows all queries to be analysed at once without separating them by resource. The proposed method allows detection of HTTP intrusions in continuously updated web applications and does not require an attack-free set of HTTP requests to build the model of normal user behaviour. The algorithm is tested using logs acquired from a large real-life web service; all attacks in these logs are detected, while the number of false alarms remains zero.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zolotukhin, M., Hämäläinen, T. (2013). Detection of Anomalous HTTP Requests Based on Advanced N-gram Model and Clustering Techniques. In: Balandin, S., Andreev, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networking. ruSMART NEW2AN 2013 2013. Lecture Notes in Computer Science, vol 8121. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40316-3_33


  • DOI: https://doi.org/10.1007/978-3-642-40316-3_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40315-6

  • Online ISBN: 978-3-642-40316-3

  • eBook Packages: Computer Science, Computer Science (R0)
