Security Incident Detection Using Multidimensional Analysis of the Web Server Log Files

  • Conference paper
Computational Collective Intelligence. Technologies and Applications (ICCCI 2014)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 8733)

Abstract

The paper presents the results of research on the security analysis of web servers. The presented method uses web server log files to determine the type of attack against the web server. Web server log files are collections of text strings describing users' requests, so one of the most important parts of the work was to propose a method for converting the informative part of the requests into numerical values, making further automatic processing possible. The vector of values obtained from processing the web server log file is used as the input to a Self-Organizing Map (SOM) network. Finally, the SOM network was trained to detect SQL injection and brute-force password guessing attacks. The method was validated using data obtained from a real data center.
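A minimal sketch of the pipeline the abstract describes (log entry to numeric vector to SOM), added here as an illustration and not the authors' code. The three features, the three-unit 1-D map, the training schedule and every log entry are assumptions constructed for this example; the abstract does not state the paper's actual encoding.

```python
import math, re
from urllib.parse import unquote_plus

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
SQL_RE = re.compile(r"'|--|;|\bunion\b|\bselect\b|\bor\s+\d+=\d+|\bsleep\(", re.I)
def log_line(method, url, status):  # builds one constructed access-log entry
    return f'203.0.113.7 - - [01/Mar/2014:10:00:00 +0000] "{method} {url} HTTP/1.1" {status} 512'

# Constructed, labelled training requests (assumption: not the paper's data set).
TRAIN = [("benign", log_line("GET", "/index.html", 200)),
         ("benign", log_line("GET", "/products?category=books&page=2", 200)),
         ("benign", log_line("POST", "/login", 302)),
         ("sqli", log_line("GET", "/item.php?id=1%27%20UNION%20SELECT%20user,pass%20FROM%20users--", 200)),
         ("sqli", log_line("GET", "/item.php?id=5%27%20OR%201=1--", 200)),
         ("sqli", log_line("GET", "/search?q=x%27%3B%20SELECT%20sleep(5)--", 200)),
         ("brute", log_line("POST", "/login", 401)),
         ("brute", log_line("POST", "/login", 401)),
         ("brute", log_line("POST", "/admin/login.php", 401))]

def features(entry):
    """Log entry -> [URL length, SQL-token count, failed-login flag], each scaled to [0, 1]."""
    m = LOG_RE.search(entry)
    if m is None:
        raise ValueError("unparseable log entry")
    url = unquote_plus(m["url"])  # decode %27 etc. before counting tokens
    failed = m["method"] == "POST" and m["status"] in ("401", "403")
    return [min(len(url) / 200, 1.0), min(len(SQL_RE.findall(url)) / 4, 1.0), float(failed)]

def bmu(rows, x):  # index of the row closest to x (squared Euclidean distance)
    return min(range(len(rows)), key=lambda k: sum((r - v) ** 2 for r, v in zip(rows[k], x)))

def train_som(data, n_units=3, epochs=30, lr0=0.5, sigma0=0.5):  # online 1-D SOM
    # Units start at evenly spaced training samples; rate and radius decay linearly.
    weights = [list(data[k * len(data) // n_units]) for k in range(n_units)]
    for epoch in range(epochs):
        decay = 1 - epoch / epochs
        lr, sigma = lr0 * decay, max(sigma0 * decay, 0.05)
        for x in data:
            win = bmu(weights, x)
            for k, w in enumerate(weights):  # Gaussian neighbourhood around the winner
                g = lr * math.exp(-((k - win) ** 2) / (2 * sigma ** 2))
                w[:] = [wi + g * (xi - wi) for wi, xi in zip(w, x)]
    return weights

VECTORS = [features(entry) for _, entry in TRAIN]
SOM = train_som(VECTORS)
# Calibration: each unit takes the label of the training vector nearest to it.
UNIT_LABEL = [TRAIN[bmu(VECTORS, w)][0] for w in SOM]

def classify(entry):
    return UNIT_LABEL[bmu(SOM, features(entry))]
```

The failed-login flag is a per-request simplification; password guessing is usually judged from failures aggregated per client over a time window.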

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kołaczek, G., Kuzemko, T. (2014). Security Incident Detection Using Multidimensional Analysis of the Web Server Log Files. In: Hwang, D., Jung, J.J., Nguyen, NT. (eds) Computational Collective Intelligence. Technologies and Applications. ICCCI 2014. Lecture Notes in Computer Science, vol 8733. Springer, Cham. https://doi.org/10.1007/978-3-319-11289-3_67

  • DOI: https://doi.org/10.1007/978-3-319-11289-3_67

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11288-6

  • Online ISBN: 978-3-319-11289-3

  • eBook Packages: Computer Science, Computer Science (R0)
