A Web Intrusion Detection Mechanism based on Feature based Data Clustering

Abstract

Web is one of the most popular internet services in today's world. In today's world, web servers and web based applications are the popular corporate applications and become the targets of the attackers. A Large number of Web applications, especially those deployed for companies to e-business operation involve high reliability, efficiency and confidentiality. Such applications are written in script languages like PHP embedded in HTML allowing establish the connection to databases, retrieving data and putting them in WWW site. In order to detect known attacks, misuse detection of web based attacks consists of attack rules and descriptions. As misuse detection considers predefined signatures for intrusion detection, here we have proposed two phases of intrusion detection mechanism. In the first phase we have used web host based intrusion detection with matching mechanism using `Hamming Edit Distance'. We have considered here. the web layer log file for matching. This phase has been tested with our university intranet web server's log file. We have tested successfully the SQL injection for unauthorized access. We proposed a `Query based projected clustering' for unsupervised anomaly detection and also a `packet arrival factor' for intrusion detection in the second phase. We tested the scheme in this phase using KDD CUP99. In this phase while testing our scheme, we have extracted the feature dataset with protocol `tcp' and services `http'. Both the phases of our scheme found working successfully and an evaluated threshold has been proposed for better result.