Intrusion detection in web applications using text mining

Abstract

Information security has evolved from just focusing on the network and server layers to also include the web application layer. In fact, security in some types of web applications is often considered a particularly sensitive subject. Achieving a secure web application involves several different issues like encrypting traffic and certain database information, strictly restricting the access control, etc. In this work we focus on detecting attempts of either gaining unauthorised access or misusing a web application. We introduce an intrusion detection software component based on text-mining techniques. By using text categorisation, it is capable of learning the characteristics of both normal and malicious user behaviour from the log entries generated by the web application server. Therefore, the detection of misuse in the web application is achieved without the need of any explicit programming or code writing, hence improving the system maintainability. Because telemedicine systems are usually critical in terms of the confidential information handled and the responsibilities consequently derived, we apply and evaluate our methods on a real web-based telemedicine system called Arnasa.