Title: Anomaly detection in the web logs using user-behaviour networks

Authors: Jingwen You; Xiaojuan Wang; Lei Jin; Yong Zhang

Addresses: School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing, China; School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing, China; School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing, China; School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing, China

Abstract: With the rapid growth of web attacks, anomaly detection has become a necessary part of managing modern large-scale distributed web applications. As the record of user behaviour, web logs naturally become a research object related to anomaly detection. Many anomaly detection methods based on automated log analysis have been proposed. However, most research focuses on the content of single logs while ignoring the connection between the user and the path. To address this problem, we introduce graph theory into anomaly detection and establish a user behaviour network model. Integrating the network structure and the characteristics of anomalous users, we propose five indicators to identify anomalous users and anomalous logs. Results show that the method achieves better performance on four real web application log datasets, with a total of about 4 million log messages and 1 million anomalous instances. In addition, this paper integrates and improves a state-of-the-art anomaly detection method to further analyse the composition of the anomalous logs. We believe that our work will bring a new angle to the research field of anomaly detection.

Keywords: graph theory; anomaly detection; user behaviour; web engineering.

DOI: 10.1504/IJWET.2019.102871

International Journal of Web Engineering and Technology, 2019 Vol.14 No.2, pp.178 - 199

Published online: 08 Oct 2019
