{"title":"基于熵分析的Web攻击检测","authors":"T. Threepak, Akkradach Watcharapupong","doi":"10.1109/ICOIN.2014.6799699","DOIUrl":null,"url":null,"abstract":"Web attacks are increases both magnitude and complexity. In this paper, we try to use the Shannon entropy analysis to detect these attacks. Our approach examines web access logging text using the principle that web attacking scripts usually have more sophisticated request patterns than legitimate ones. Risk level of attacking incidents are indicated by the average (AVG) and standard deviation (SD) of each entropy period, i.e., Alpha and Beta lines which are equal to AVG-SD and AVG-2*SD, respectively. They represent boundaries in detection scheme. As the result, our technique is not only used as high accurate procedure to investigate web request anomaly behaviors, but also useful to prune huge application access log files and focus on potential intrusive events. The experiments show that our proposed process can detect anomaly requests in web application system with proper effectiveness and low false alarm rate.","PeriodicalId":388486,"journal":{"name":"The International Conference on Information Networking 2014 (ICOIN2014)","volume":"279 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"Web attack detection using entropy-based analysis\",\"authors\":\"T. Threepak, Akkradach Watcharapupong\",\"doi\":\"10.1109/ICOIN.2014.6799699\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Web attacks are increases both magnitude and complexity. In this paper, we try to use the Shannon entropy analysis to detect these attacks. Our approach examines web access logging text using the principle that web attacking scripts usually have more sophisticated request patterns than legitimate ones. Risk level of attacking incidents are indicated by the average (AVG) and standard deviation (SD) of each entropy period, i.e., Alpha and Beta lines which are equal to AVG-SD and AVG-2*SD, respectively. They represent boundaries in detection scheme. As the result, our technique is not only used as high accurate procedure to investigate web request anomaly behaviors, but also useful to prune huge application access log files and focus on potential intrusive events. The experiments show that our proposed process can detect anomaly requests in web application system with proper effectiveness and low false alarm rate.\",\"PeriodicalId\":388486,\"journal\":{\"name\":\"The International Conference on Information Networking 2014 (ICOIN2014)\",\"volume\":\"279 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-04-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The International Conference on Information Networking 2014 (ICOIN2014)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICOIN.2014.6799699\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The International Conference on Information Networking 2014 (ICOIN2014)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOIN.2014.6799699","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Web attacks are increases both magnitude and complexity. In this paper, we try to use the Shannon entropy analysis to detect these attacks. Our approach examines web access logging text using the principle that web attacking scripts usually have more sophisticated request patterns than legitimate ones. Risk level of attacking incidents are indicated by the average (AVG) and standard deviation (SD) of each entropy period, i.e., Alpha and Beta lines which are equal to AVG-SD and AVG-2*SD, respectively. They represent boundaries in detection scheme. As the result, our technique is not only used as high accurate procedure to investigate web request anomaly behaviors, but also useful to prune huge application access log files and focus on potential intrusive events. The experiments show that our proposed process can detect anomaly requests in web application system with proper effectiveness and low false alarm rate.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
