Web server load prediction and anomaly detection from hypertext transfer protocol logs

Q2 Computer Science

International Journal of Electrical and Computer Engineering Pub Date : 2023-10-01 DOI:10.11591/ijece.v13i5.pp5165-5178

Lenka Benova, L. Hudec

{"title":"Web server load prediction and anomaly detection from hypertext transfer protocol logs","authors":"Lenka Benova, L. Hudec","doi":"10.11591/ijece.v13i5.pp5165-5178","DOIUrl":null,"url":null,"abstract":"As network traffic increases and new intrusions occur, anomaly detection solutions based on machine learning are necessary to detect previously unknown intrusion patterns. Most of the developed models require a labelled dataset, which can be challenging owing to a shortage of publicly available datasets. These datasets are often too small to effectively train machine learning models, which further motivates the use of real unlabeled traffic. By using real traffic, it is possible to more accurately simulate the types of anomalies that might occur in a real-world network and improve the performance of the detection model. We present a method able to predict and categorize anomalies without the aid of a labelled dataset, demonstrating the model’s usability while also gathering a dataset from real noisy network traffic. The proposed long short-term memory (LTSM) based intrusion detection system was tested in a real-world setting of an antivirus company and was successful in detecting various intrusions using 5-minute windowing over both the predicted and real update curves thereby demonstrating its usefulness. Our contribution was the development of a robust model generally applicable to any hypertext transfer protocol (HTTP) traffic with almost real-time anomaly detection, while also outperforming earlier studies in terms of prediction accuracy.","PeriodicalId":38060,"journal":{"name":"International Journal of Electrical and Computer Engineering","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Electrical and Computer Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.11591/ijece.v13i5.pp5165-5178","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

Abstract

As network traffic increases and new intrusions occur, anomaly detection solutions based on machine learning are necessary to detect previously unknown intrusion patterns. Most of the developed models require a labelled dataset, which can be challenging owing to a shortage of publicly available datasets. These datasets are often too small to effectively train machine learning models, which further motivates the use of real unlabeled traffic. By using real traffic, it is possible to more accurately simulate the types of anomalies that might occur in a real-world network and improve the performance of the detection model. We present a method able to predict and categorize anomalies without the aid of a labelled dataset, demonstrating the model’s usability while also gathering a dataset from real noisy network traffic. The proposed long short-term memory (LTSM) based intrusion detection system was tested in a real-world setting of an antivirus company and was successful in detecting various intrusions using 5-minute windowing over both the predicted and real update curves thereby demonstrating its usefulness. Our contribution was the development of a robust model generally applicable to any hypertext transfer protocol (HTTP) traffic with almost real-time anomaly detection, while also outperforming earlier studies in terms of prediction accuracy.

查看原文本刊更多论文

基于超文本传输协议日志的Web服务器负载预测和异常检测

随着网络流量的增加和新入侵的发生，基于机器学习的异常检测解决方案对于检测以前未知的入侵模式是必要的。大多数已开发的模型都需要一个标记的数据集，由于缺乏公开可用数据集，这可能具有挑战性。这些数据集往往太小，无法有效地训练机器学习模型，这进一步激发了对真实未标记流量的使用。通过使用真实流量，可以更准确地模拟现实世界网络中可能发生的异常类型，并提高检测模型的性能。我们提出了一种能够在没有标记数据集的帮助下预测和分类异常的方法，证明了该模型的可用性，同时还从真实的噪声网络流量中收集了数据集。所提出的基于长短期记忆（LTSM）的入侵检测系统在一家反病毒公司的真实世界环境中进行了测试，并成功地通过在预测和真实更新曲线上使用5分钟窗口来检测各种入侵，从而证明了其有用性。我们的贡献是开发了一个稳健的模型，该模型通常适用于任何具有几乎实时异常检测的超文本传输协议（HTTP）流量，同时在预测准确性方面也优于早期研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Electrical and Computer Engineering Computer Science-Computer Science (all)

CiteScore

4.10

自引率

0.00%

发文量

177

期刊介绍： International Journal of Electrical and Computer Engineering (IJECE) is the official publication of the Institute of Advanced Engineering and Science (IAES). The journal is open to submission from scholars and experts in the wide areas of electrical, electronics, instrumentation, control, telecommunication and computer engineering from the global world. The journal publishes original papers in the field of electrical, computer and informatics engineering which covers, but not limited to, the following scope: -Electronics: Electronic Materials, Microelectronic System, Design and Implementation of Application Specific Integrated Circuits (ASIC), VLSI Design, System-on-a-Chip (SoC) and Electronic Instrumentation Using CAD Tools, digital signal & data Processing, , Biomedical Transducers and instrumentation, Medical Imaging Equipment and Techniques, Biomedical Imaging and Image Processing, Biomechanics and Rehabilitation Engineering, Biomaterials and Drug Delivery Systems; -Electrical: Electrical Engineering Materials, Electric Power Generation, Transmission and Distribution, Power Electronics, Power Quality, Power Economic, FACTS, Renewable Energy, Electric Traction, Electromagnetic Compatibility, High Voltage Insulation Technologies, High Voltage Apparatuses, Lightning Detection and Protection, Power System Analysis, SCADA, Electrical Measurements; -Telecommunication: Modulation and Signal Processing for Telecommunication, Information Theory and Coding, Antenna and Wave Propagation, Wireless and Mobile Communications, Radio Communication, Communication Electronics and Microwave, Radar Imaging, Distributed Platform, Communication Network and Systems, Telematics Services and Security Network; -Control[...] -Computer and Informatics[...]