EEMCS EPrints Service
Stemmer, J. (2012) Detecting outliers in web-based network traffic. Master's thesis, University of Twente.
Regular anomaly detection approaches require the full network payload data or low-level access to the system. In cases where this kind of information is not available because of limited system access, encrypted data or privacy reasons, these approaches cannot be used. We present an anomaly detection technique for these cases using an outlier detection algorithm. The individual requests from a request log are grouped together to reconstruct the original sessions. These sessions form a new dataset from which anomalies can be detected using a Self-Organizing Map. We train the Self-Organizing Map with a subset of the sessions and then perform the outlier detection on the rest of the dataset. Using this approach we are able to identify several automated attacks; however, the lack of information in the individual requests makes it hard to distinguish regular user behavior from manually crafted attacks.