Abstract
Considering the protection requirements of large organizations that run many web applications, we design and implement an attack detection system. The system is built on a big data platform and is therefore highly scalable. It uses network-traffic-based detection: it captures, parses and analyzes the HTTP packets passing through the monitored network in real time. By analyzing historical data it derives application-specific access patterns, which help domain experts find anomalies efficiently. In addition, starting from the labels given by domain experts, semi-supervised learning is applied to build an attack detection classifier. The system is deployed in the real network of our university and has detected dozens of attacks.
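The two stages the abstract describes, as an added example that is not the paper's own code: learning per-application access patterns from historical HTTP traffic and scoring new requests against them, then self-training a classifier from a handful of expert labels. Everything in the block is an assumption: the request records, hostnames, paths, token features and the nearest-neighbour self-training rule are constructed for illustration, and the paper may use quite different features and learners.

```python
"""
Added example (not from the paper): a minimal version of the two stages the
abstract describes, run over constructed HTTP request records.

Stage 1: learn per-application access patterns from historical traffic and
         score new requests by how far they fall outside those patterns.
Stage 2: semi-supervised self-training, seeded with a few expert labels, to
         turn scored candidates into an attack/benign classifier; whatever it
         cannot label confidently goes back to the domain expert.
All hostnames, paths and log records below are constructed for illustration.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed historical traffic: (host, method, path_with_query, status)
HISTORY = [
    ("portal.example.edu", "GET", "/course/101?term=2016", 200),
    ("portal.example.edu", "GET", "/course/205?term=2016", 200),
    ("portal.example.edu", "POST", "/login", 302),
    ("portal.example.edu", "GET", "/grades/55012", 200),
    ("library.example.edu", "GET", "/search?q=networks", 200),
    ("library.example.edu", "GET", "/search?q=security&page=2", 200),
    ("library.example.edu", "GET", "/item/9981", 200),
]

_NUM = re.compile(r"\d+")


def features(host, method, target):
    """App, normalised endpoint ('GET /course/N') and query parameter *names*,
    so /course/101 and /course/205 collapse to one access pattern."""
    path, _, query = target.partition("?")
    endpoint = method + " " + _NUM.sub("N", path)
    params = {kv.split("=", 1)[0] for kv in query.split("&") if kv}
    return host, endpoint, params


def build_profile(history):
    """Per-application pattern: endpoints seen and, per endpoint, the query
    parameter names observed in historical traffic."""
    profile = defaultdict(lambda: defaultdict(set))
    for host, method, target, _status in history:
        app, endpoint, params = features(host, method, target)
        profile[app][endpoint] |= params
    return profile


def anomaly_score(profile, host, method, target):
    """0 = matches the app's history; unknown app 3, unknown endpoint 2 plus
    one per parameter, known endpoint one per unseen parameter name."""
    app, endpoint, params = features(host, method, target)
    if app not in profile:
        return 3
    if endpoint not in profile[app]:
        return 2 + len(params)
    return len(params - profile[app][endpoint])


# Value-shape tokens (assumed, illustrative) that make payloads comparable
# across applications; deviation tokens come from the stage-1 profile.
SHAPE = [
    ("v:quote", lambda v: "'" in v or '"' in v),
    ("v:sqlword", lambda v: re.search(r"\b(or|and|union|select)\b", v, re.I) is not None),
    ("v:traversal", lambda v: ".." in v),
    ("v:tag", lambda v: "<" in v),
    ("v:long", lambda v: len(v) > 32),
]


def deviation_tokens(profile, host, method, target):
    """Token set describing how a request deviates from its app's profile."""
    app, endpoint, params = features(host, method, target)
    toks = set()
    if app not in profile:
        toks.add("new-app")
    elif endpoint not in profile[app]:
        toks.add("new-endpoint")
    elif params - profile[app][endpoint]:
        toks.add("new-param")
    _, _, query = target.partition("?")
    for kv in query.split("&"):
        if "=" not in kv:
            continue
        value = unquote_plus(kv.split("=", 1)[1])
        hits = {name for name, test in SHAPE if test(value)}
        toks |= hits or {"v:plain"}
    return frozenset(toks)


def _jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0


def self_train(profile, labelled, unlabelled, threshold=0.5):
    """Self-training: repeatedly give the unlabelled request that is most
    similar to any labelled one that request's label, until no candidate
    reaches the threshold. Returns (assigned labels, unresolved requests)."""
    pool = [(deviation_tokens(profile, *r), lab) for r, lab in labelled]
    pending = {r: deviation_tokens(profile, *r) for r in unlabelled}
    assigned = {}
    while pending:
        best = None  # (similarity, request, label)
        for r, toks in pending.items():
            for ltoks, lab in pool:
                s = _jaccard(toks, ltoks)
                if best is None or s > best[0]:
                    best = (s, r, lab)
        if best[0] < threshold:
            break  # nothing left that a neighbour explains; ask the expert
        _s, r, lab = best
        assigned[r] = lab
        pool.append((pending.pop(r), lab))
    return assigned, list(pending)


# Constructed expert labels and unlabelled candidates.
EXPERT_LABELS = [
    (("library.example.edu", "GET", "/search?q=databases"), "benign"),
    (("library.example.edu", "GET", "/search?q=x%27+OR+1%3D1--"), "attack"),
    (("portal.example.edu", "GET", "/download?file=..%2F..%2Fetc%2Fpasswd"), "attack"),
    (("portal.example.edu", "GET", "/course/118?term=2016"), "benign"),
]
UNLABELLED = [
    ("portal.example.edu", "GET", "/grades/55012?id=1%27%20OR%20%271%27%3D%271"),
    ("library.example.edu", "GET", "/item/42?img=..%2F..%2Fweb.config"),
    ("portal.example.edu", "GET", "/course/210?term=2016"),
    ("portal.example.edu", "POST", "/login?next=%2Fcourse%2F101"),
]


def run_demo():
    profile = build_profile(HISTORY)
    return self_train(profile, EXPERT_LABELS, UNLABELLED)


if __name__ == "__main__":
    assigned, unresolved = run_demo()
    for req, label in assigned.items():
        print(label, req)
    print("back to the expert:", unresolved)
```

With these inputs the SQL-injection-shaped request on `/grades` and the two ordinary requests are labelled from their nearest expert-labelled neighbour, while the traversal attempt on `/item` shares only one token with the labelled traversal and stays unresolved; in the loop the abstract describes, that is exactly the case the domain expert is asked to label next.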
Keywords
- Intrusion Detection
- Domain Expert
- Intrusion Detection System
- Attack Detection
- Computer Security Foundation Workshop
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Jin, X., Yin, C., Yang, P., Cui, B. (2017). An Attack Detection System for Multiple Web Applications Based on Big Data Platform. In: Barolli, L., Xhafa, F., Yim, K. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 2. Springer, Cham. https://doi.org/10.1007/978-3-319-49106-6_35
DOI: https://doi.org/10.1007/978-3-319-49106-6_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49105-9
Online ISBN: 978-3-319-49106-6
eBook Packages: Engineering (R0)