Engineering web log for detecting malicious sessions to a web site by visual inspection

Naoko Hirose, Einoshin Suzuki

Research output: Contribution to journal › Article

Abstract

In this paper, we propose a Web engineering method for our visualization method PrototypeLines in order to detect malicious sessions to a Web site. Novel types of malicious accesses are hardly discovered unless a system administrator monitors a huge amount of access log data. PrototypeLines is a visualization method based on probabilistic clustering with a single parameter that must be tuned, and it has been successful in a medical domain. Due to several characteristics of Web logs, such as multiple aspects of a requested file, a simple application of PrototypeLines would result in poor performance for the detection task. Our Web engineering method relies on feature extraction from Web access logs and resolves the multiple aspects of a requested file by probabilistic clustering. We also believe that PrototypeLines is more attractive than other anomaly-based malicious access detection methods based on machine learning, since each of the latter methods typically has many parameters that must be tuned or requires much user interaction. The effectiveness of our method is investigated by experiments with real data. The results show that our method is effective in detecting malicious accesses, since it provides a display of a large number of access sessions in a compact manner, emphasizing malicious accesses with warm colors.

Original language: English
Pages (from-to): 1249-1258
Number of pages: 10
Journal: WSEAS Transactions on Computers
Volume: 4
Issue number: 10
Publication status: Published - Oct 1 2005
Externally published: Yes

All Science Journal Classification (ASJC) codes

  • Computer Science (all)
