By Topic

A Web Intrusion Detection Mechanism based on Feature based Data Clustering

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Das, D. ; Dept. of Comput. Sci. & Eng., Tezpur Univ., Tezpur ; Sharma, U. ; Bhattacharyya, D.K.

Web is one of the most popular internet services in today's world. In today's world, web servers and web based applications are the popular corporate applications and become the targets of the attackers. A Large number of Web applications, especially those deployed for companies to e-business operation involve high reliability, efficiency and confidentiality. Such applications are written in script languages like PHP embedded in HTML allowing establish the connection to databases, retrieving data and putting them in WWW site. In order to detect known attacks, misuse detection of web based attacks consists of attack rules and descriptions. As misuse detection considers predefined signatures for intrusion detection, here we have proposed two phases of intrusion detection mechanism. In the first phase we have used web host based intrusion detection with matching mechanism using 'Hamming Edit Distance'. We have considered here. the web layer log file for matching. This phase has been tested with our university intranet web server's log file. We have tested successfully the SQL injection for unauthorized access. We proposed a 'Query based projected clustering' for unsupervised anomaly detection and also a 'packet arrival factor' for intrusion detection in the second phase. We tested the scheme in this phase using KDD CUP99. In this phase while testing our scheme, we have extracted the feature dataset with protocol 'tcp' and services 'http'. Both the phases of our scheme found working successfully and an evaluated threshold has been proposed for better result.

Published in:

Advance Computing Conference, 2009. IACC 2009. IEEE International

Date of Conference:

6-7 March 2009