http://dx.doi.org/10.13089/JKIISC.2004.14.4.97

Real-Time Visualization of Web Usage Patterns and Anomalous Sessions  

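이병희 (Korea Advanced Institute of Science and Technology, Department of Electrical Engineering and Computer Science)
조상현 (Korea Advanced Institute of Science and Technology, Electrical Engineering and Computer Science)
차성덕 (Korea Advanced Institute of Science and Technology, Department of Electrical Engineering and Computer Science)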
Abstract
As modern web services become enormously complex, web attacks have become frequent and serious. Existing security solutions such as firewalls or signature-based intrusion detection systems are generally inadequate in securing web services, and analysis of raw web log data is simply impractical for most organizations. Visual display of "interpreted" web logs, with emphasis on anomalous web requests, is essential for an organization to efficiently track web usage patterns and detect possible web attacks. In this paper, we discuss various issues related to effective real-time visualization of web usage patterns and anomalies. We implemented a software tool named SAD (session anomaly detection) Viewer to satisfy this need and conducted an empirical study in which anomalous web traffic such as Misuse attacks, DoS attacks, Code-Red worms and Whisker scans was injected. Our study confirms that SAD Viewer is useful in assisting web security engineers to monitor web usage patterns in general and anomalous web sessions in particular.
Keywords
web visualization; anomaly detection; web usage pattern; anomalous sessions; visualization principles; SAD Viewer; DoS attack; Code-Red worm; Whisker scans