In this paper, we propose a Web engineering method for our visualization method PrototypeLines in order to detect malicious sessions to a Web Site. Novel types of malicious accesses are hardly discovered unless a system administrator monitors a huge amount of access log data. PrototypeLines is a visualization method based on probabilistic clustering with a single parameter that must be tuned and has been successful in a medical domain. Due to several characteristics of web log such as multiple aspects of a requested file, a simple application of PrototypeLines would result in poor performance for the detection task. Our Web engineering method relies on feature extraction from Web access log and resolves the multiple aspects of a requested file by probabilistic clustering. We also believe that PrototypeLines is more attractive than other anomaly based malicious access detection methods based on machine learning since each of the latter methods typically has many parameters that must be tuned or requires much user-interaction. Effectiveness of our method is investigated by experiments with real data. The results show that our method is effective in detecting malicious accesses since it provides a display of a large amount of access sessions in a compact manner emphasizing malicious accesses with warm colors.
|Number of pages||10|
|Journal||WSEAS Transactions on Computers|
|Publication status||Published - Oct 1 2005|
All Science Journal Classification (ASJC) codes
- Computer Science(all)