Check out RSS, or use RSS reader to subscribe this item
Confirmation
Authentication email has already been sent, please check your email box: and activate it as soon as possible.
You can login to My Profile and manage your email alerts.
Sponsored by the Center for Science and Technology Development of the Ministry of Education
Supervised by Ministry of Education of the People's Republic of China
HTTP-session model and its application in the anomaly HTTP traffic detection
Yi Xie *
School of Information Science and Technology, Sun Yat-Sen University
*Correspondence author
#Submitted by
Subject:
Funding:
Doctoral Fund of Ministry of Education of China(No.Grant No.20090171120001), This work was supported by the National Natural Science Foundation of China(No.Grant No.: 60970146 and U0735002), the Fundamental Research Funds for the Central Universities (No.Grant No.11lgpy38)
Different from most existing studies on Web session identification for commerce purposes, a novel dynamic realtime HTTP-session processes description method is presented in this paper for detecting the anomaly HTTP traffic for network boundary. The proposed scheme doesn't rely on presupposed threshold and client/server-side data which are widely used in traditional session detection approaches. A new parameter is defined based on inter-arrival time of HTTP requests. A nonlinear algorithm is introduced for quantization. Trained by the quantized sequences, nonparametric hidden Markov model with explicit state duration is applied to cluster and scout the HTTP-session processes. A probability function is derived for predicting HTTP-session processes. The deviation between the prediction result and the real observation is used for sham Web behavior detection. Experiments based on real HTTP traces of large-scale Web proxies are implemented to valid the proposal.
Keywords:HTTP-session model; Anomaly detection; Web traffic