ANOMALY DETECTION SYSTEM OF WEB ACCESS USING USER BEHAVIOR FEATURES
The growth, accessibility of the Internet and the explosion of personal computing devices have made applications on the web growing robustly, especially for e-commerce and public services. Unfortunately, the vulnerabilities of these web services also increased rapidly. This leads to the need of monitoring the users accesses to these services to distinguish abnormal and malicious behaviors from the log data in order to ensure the quality of these web services as well as their safety. This work presents methods to build and develop a rule-based systems allowing services’ administrators to detect abnormal and malicious accesses to their web services from web logs. The proposed method investigates characteristics of user behaviors in the form of HTTP requests and extracts eﬃcient features to precisely detect abnormal accesses. Furthermore, this report proposes a way to collect and build datasets for applying machine learning techniques to generate detection rules automatically. The anomaly detection system of was tested and evaluated its performance on 4 different web sites with approximately one million log lines per day.