Efficient Association Rule Mining For Web Application Anomaly Detection
Web servers are ubiquitous and often misconfigured. Custom web applications may introduce vulnerabilities which can be used by attackers. Signature based misuse detection method can detect well known attacks to web applications, while they are lack of flexibility and adaptability. A novel anomaly detection model for web applications is introduced in this paper. The web server access log file is used as data source. The detection method is based on the analysis of the querying parameters relationship of the HTTP requests. We use efficient NFP-tree algorithm to mine frequent patterns. Rule associations for anomaly detection are generated from these frequent patterns. Experiment shows that this model of anomaly detection can detect web appliction attacks effectively.
anomaly detection frequent pattern mining association rule web application
Jingli Zhou Jifeng Yu Liqin Xiong
Department of Computer Science and Technology Huazhong University of Science and Technology Wuhan Hubei Province China
国际会议
秦皇岛
英文
480-483
2010-11-05(万方平台首次上网日期,不代表论文的发表时间)