Detecting anomalous Web server usage through mining access logs

Gržinić, Toni; Kišasondi, Tonimir; Šaban, Josip
September 2013
Central European Conference on Information & Intelligent Systems;Sep2013, p228
Conference Proceeding
Most operating systems services generate log files that can be used for debugging and supervision. One important function of log files is logging security related or debug information, for example logging unsuccessful authentication or error logging. This paper shows how to implement an anomaly detection process of web server's unexpected events using the Apache web server's logs and applying supervised machine learning algorithms to extracted features. Also, we compare the classification performance of several algorithms that can be easily implemented in real-world scenarios.


Related Articles

  • WEB ATAKLARI İÇİN METÄ°N TABANLI ANORMALLÄ°K TESPÄ°TÄ° (WAMTAT). Takci, Hidayet; Akyuz, Turker; Sogukpinar, İbrahim // Journal of the Faculty of Engineering & Architecture of Gazi Uni;Jun2007, Vol. 22 Issue 2, p247 

    Nowadays, there is an interaction between the web sites and users. In this interaction, user requests are sent to web servers in URL strings. Sometimes, harmful code may be embedded into those strings. Harmful code embedding is one of web attacks. User input data may be analyzed for detection of...

  • Compaq to launch app server line. Weil, Nancy // Network World;05/31/99, Vol. 16 Issue 22, p8 

    Announces Compaq's launching of three models of appliance server in the TaskSmart C-Series to help users run Web sites. Features of C1200R, C1500R and C2000R models; Contact information.

  • Errata corrige.  // International Review on Computers & Software;Apr2016, Vol. 11 Issue 4, p373 

    No abstract available.

  • EDITOR'S INTRODUCTION. Yong Shi // International Journal of Information Technology & Decision Makin;Nov2010, Vol. 9 Issue 6, p847 

    The article discusses various reports published within the issue, including one by Ying Liu and colleagues on a two-phase algorithm for handling high utility itemsets, one by Junlin Zhou and colleagues on the framework for distributed anomaly detection, and one by Zaiwu Gong and colleagues on...

  • Windows 2003 'not smart enough' to be used a Unix datacentre replacement. Saran, Cliff // Computer Weekly;4/8/2003, p6 

    Reports that Unisys introduced an upgraded version of its ES7000 server supporting the Windows 2003 operating system. Features of the server; Limitations of the Windows 2003 operating system; Comparison with the Unix systems.

  • Boston Value Series 120 G8. MITCHELL, DAVE // PC Pro;Oct2012, Issue 216, p128 

    The article evaluates the Boston Value Series 129 G8 rack server.

  • Start-up looks to speed data delivery. Connor, Deni // Network World;04/09/2001, Vol. 18 Issue 15, p15 

    Reports that systems and storage start-up Ikadega is introducing a server appliance for enterprise networks and service providers. Key features and specifications; Availability information; Price.

  • Making the grade. Biggs, Maggie // InfoWorld;06/14/99, Vol. 21 Issue 24, p1 

    Focuses on the evolution of the 1999 class of application servers that leave the relative safety of product development laboratories and commerce work in the real world. Benefits offered by distributed multitier application architecture; How the class of application servers are divided...

  • Evaluation metrics for anomaly detection algorithms in time-series. Kovács, György; Sebestyen, Gheorghe; Hangan, Anca // Acta Universitatis Sapientiae, Informatica;Dec2019, Vol. 11 Issue 2, p113 

    Time-series are ordered sequences of discrete-time data. Due to their temporal dimension, anomaly detection techniques used in time-series have to take into consideration time correlations and other time-related particularities. Generally, in order to evaluate the quality of an anomaly detection...


Read the Article


Sorry, but this item is not currently available from your library.

Try another library?
Sign out of this library

Other Topics