Short PapersNo Access

WEB MISUSE DETECTION THROUGH TEXT CATEGORISATION OF APPLICATION SERVER LOGS

JUAN JOSÉ GARCÍA ADEVA

School of Electrical and Information Engineering, University of Sydney, NSW 2006, Australia

Search for more papers by this author

and

JUAN MANUEL PIKATZA ATXA

Faculty of Computer Engineering, The University of the Basque Country, Donostia – San Sebastián, Spain

Search for more papers by this author

https://doi.org/10.1142/S0218213006002989Cited by:2 (Source: Crossref)

Abstract

Security in web-based systems that handle confidential information can be considered a particularly sensitive subject that requires assuming some responsibilities about security. Achieving a secure web application involves tackling several issues such encryption of traffic and certain database information, strictly restricted access control, etc. In this work we focus on detecting misuse of the web application in order to gain unauthorised access. We introduce an Intrusion Detection component that by applying Text Categorisation is capable of learning the characteristics of both normal and malicious user behaviour from the regular, high-level log entries generated by web application through its application server. Therefore, the detection of misuse in the web application is achieved without the need of explicit programming or modification of the existing web application. We applied our Intrusion Detection component to a real web-based telemedicine system in order to offer some evaluation measurements. This articles offers an overview of the model, our experiences, and observations.

Keywords:

Remember to check out the Most Cited Articles!
Check out Notable Titles in Artificial Intelligence.

References

John Douglas Howard. An analysis of security incidents on the Internet 1989-1995. PhD thesis, Carnegie Mellon University, Pittsburgh, PA, USA, 1998 . Google Scholar
Dorothy E. Denning, IEEE Trans. Softw. Eng. 13(2), 222 (1987). Web of Science, Google Scholar
Sandeep Kumar and Eugene Spafford. An Application of Pattern Matching in Intrusion Detection. Technical Report 94-013, Purdue University, Department of Computer Sciences, 1994 . Google Scholar
Glenn Mansfieldet al., Comput. Networks 34(4), 659 (2000). Crossref, Web of Science, Google Scholar
Philip K. Chan, Matthew V. Mahoney, and Muhammad H. Arshad. A machine learning approach to anomaly detection. Technical report, Florida Institute of Technology, 2003 . Google Scholar
Nahla Ben Amor, Salem Benferhat and Zied Elouedi, Naive bayes vs decision trees in intrusion detection systems, SAC '04: Proceedings of the 2004 ACM symposium on Applied computing (ACM Press) pp. 420–424. Google Scholar
Wenke Lee and Salvatore Stolfo , Data mining approaches for intrusion detection , Proceedings of the 7th USENIX Security Symposium . Google Scholar
Daniel Barbaraet al., Special section on data mining for intrusion detection and threat analysis 30(4), 15 (2001). Google Scholar
F. J. Sobradoet al., Lecture Notes in Artificial Intelligence 3040 (2004) pp. 587–596. Google Scholar
J. J. García Adeva and R. A. Calvo, IEEE Internet Computing 10(4), (2006). Google Scholar
David D. Lewis, Naive (Bayes) at forty: The independence assumption in information retrieval, Proceedings of ECML-98, 10th European Conference on Machine Learning, eds. Claire Nédellec and Céline Rouveirol (Springer Verlag, Heidelberg, DE) pp. 4–15. Google Scholar
Yiming Yang and Christopher G. Chute, ACM Trans. Inf. Syst. 12(3), 252 (1994). Crossref, Web of Science, Google Scholar
A. Moschitti , A study on optimal parameter tuning for Rocchio Text Classifier , Proceedings of the 25th European Conference on Information Retrieval Research . Google Scholar