Abstract
Different from most existing studies on Web session identification for commerce purposes, a novel dynamic real time HTTP-session processes description method is presented in this paper for detecting the anomaly HTTP traffic for network boundary. The proposed scheme doesn't rely on presupposed threshold and client/server-side data which are widely used in traditional session detection approaches. A new parameter is defined based on inter-arrival time of HTTP requests. A nonlinear algorithm is introduced for quantization. Trained by the quantized sequences, nonparametric hidden Markov model with explicit state duration is applied to cluster and scout the HTTP-session processes. A probability function is derived for predicting HTTP-session processes. The deviation between the prediction result and the real observation is used for sham Web behavior detection. Experiments based on real HTTP traces of large-scale Web proxies are implemented to valid the proposal.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
