PoS - Proceedings of Science
Volume 300 - Information Science and Cloud Computing (ISCC 2017) - Session II: Information Science
The Detection of Web Abnormal Scan Behaviors Based on Cluster Analysis
D. Bai*, M. Feng, L. Chen and X. Guo
Full text: pdf
Pre-published on: February 26, 2018
Published on: March 08, 2018
Abstract
Scan is the most common technical means used by hackers to identify site vulnerabilities as an attack entry to a website. Local and lightweight scan can often avoid the detection for network layer security protection. The establishment of detection algorithms against such hidden abnormal scan can enable timely identification of the vulnerability of an application site so to establish a precise active protection strategy. Through the comparison on the access behaviors of various users based on the behavioral characteristics of abnormal scan summarized and the clustering algorithm of the subdomain of the site, the occurrence time of abnormal scan and the location of the subdomain can be detected. The results show that the higher the degree of overlap of characteristic operation indexes, the higher the probability of being an abnormal scan behavior. This helps greatly reduce false positives during the overall detection of the website.
Based on the output of the clustering-based detection model, it provides a strong basis for enhancing the protection of the application system and repairing security vulnerabilities caused by the inherent logic errors and the incomplete system functionality.
DOI: https://doi.org/10.22323/1.300.0023
How to cite

Metadata are provided both in "article" format (very similar to INSPIRE) as this helps creating very compact bibliographies which can be beneficial to authors and readers, and in "proceeding" format which is more detailed and complete.

Open Access
Creative Commons LicenseCopyright owned by the author(s) under the term of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.