HTTP-session model and its application in the anomaly HTTP traffic detection

Yi Xie

Chinese︱Feedback︱Save this page

• Elaborating Academic Views 　　　　 • Exchanging Innovative Ideas
• Protecting Intellectual Properties 　　• Fast Sharing Science Papers

Sponsored by the Center for Science and Technology Development of the Ministry of Education
Supervised by Ministry of Education of the People's Republic of China

Home > Papers

HTTP-session model and its application in the anomaly HTTP traffic detection

Yi Xie *

School of Information Science and Technology, Sun Yat-Sen University

*Correspondence author

#Submitted by

Subject:

Funding: Doctoral Fund of Ministry of Education of China（No.Grant No.20090171120001）, This work was supported by the National Natural Science Foundation of China（No.Grant No.: 60970146 and U0735002）, the Fundamental Research Funds for the Central Universities （No.Grant No.11lgpy38）

Opened online:18 October 2011

Accepted by: none

Citation: Yi Xie.HTTP-session model and its application in the anomaly HTTP traffic detection[OL]. [18 October 2011] http://en.paper.edu.cn/en_releasepaper/content/4445505

Different from most existing studies on Web session identification for commerce purposes, a novel dynamic realtime HTTP-session processes description method is presented in this paper for detecting the anomaly HTTP traffic for network boundary. The proposed scheme doesn't rely on presupposed threshold and client/server-side data which are widely used in traditional session detection approaches. A new parameter is defined based on inter-arrival time of HTTP requests. A nonlinear algorithm is introduced for quantization. Trained by the quantized sequences, nonparametric hidden Markov model with explicit state duration is applied to cluster and scout the HTTP-session processes. A probability function is derived for predicting HTTP-session processes. The deviation between the prediction result and the real observation is used for sham Web behavior detection. Experiments based on real HTTP traces of large-scale Web proxies are implemented to valid the proposal.

Keywords:HTTP-session model; Anomaly detection; Web traffic

For this paper

● PDF (0B)
● Revision 0 　　
● Print this paper
● Recommend this paper to a friend
● Add to my favorite list

Saved Papers

Please enter a name for this paper to be shown in your personalized Saved Papers list

Tags

Add yours

Related Papers

Statistics

PDF Downloaded	268
Bookmarked	0
Recommend	5
Comments	Array

Submit your papers

Alert Name:
Alerting to:
Authentication email will be sent to your email address in 24 hours
Frequency:
Email Message Format:	Plain text Graphical(HTML)

Complete the form below and we will recommend the selected titles to your friends on your behalf. * Indicates a required field.
Your name*:
Your email address*:
Recipient's name*:
Recipient's email address*:
(multiple recipient's names and email addresses should be separated with semicolons)
Your comments:	I thought you would find the page(s) useful.

Your name:
Your email address:
Recipient's name:
Recipient's email address:
(multiple recipient's names and email addresses should be separated with semicolons)
Your comments:	I thought you would find this page useful.

Disclaimer: This message was sent to your friend using the "Send it to a friend" facility on the Sciencepaper Online’ WWW site, http://www.paper.edu.cn/en. The Sciencepaper Online is not responsible for the content of this email, and anything said in this email does not necessarily reflect the Sciencepaper Online's views.

	Check out RSS, or use RSS reader to subscribe this item

Saved Papers