http://dx.doi.org/10.13089/JKIISC.2021.31.3.365

User Behavior Based Web Attack Detection in the Face of Camouflage  

Shin, MinSik (Yonsei University)
Kwon, Taekyoung (Yonsei University)
Abstract
With the rapid growth in Internet users, web applications are becoming the main target of hackers. Most previous WAFs (Web Application Firewalls) examine every single HTTP request packet rather than the overall behavior of the attacker, and are known to have difficulty detecting new types of attacks. In this paper, we propose a web attack detection system based on user behavior that uses machine learning to detect attacks with unknown patterns. To define user behavior, we focus on features that exclude the areas where an attacker can camouflage themselves as a normal user. The experimental results show that using the path and query information to define users' behaviors gives the best results, with an accuracy of 99% with Decision forest.
Keywords
Anomaly Detection; User Behavior; Web Attack; Machine Learning;