Article: Malicious behaviour classification in web logs based on an improved Xgboost algorithm Journal: International Journal of Web Engineering and Technology (IJWET) 2018 Vol.13 No.4 pp.334 - 362 Abstract: Attacks against web servers are one of the most serious threats in security fields. Attackers are able to make the computer systems more vulnerable. Analysing the web logs is one of the most effective methods to identify malicious behaviours. In this study, we consider the analysis of HTTP requests in web logs to classify malicious behaviour into multiple categories. At present, web attacks are so complex that single layer classification model is unable to deal with the emerging attacks, in particular, there is a limitation that category features cannot be added to single layer model. Motivated by this, we propose an improved Xgboost algorithm, which uses the method of constructing candidate attacks to attain higher accuracy for malicious behaviour detection. The experimental results show that, compared to other machine learning algorithms, the improved Xgboost algorithm we proposed performs better. Besides, after extracting the important features, it not only does not affect the effectiveness of the algorithm model, but also improves the computational efficiency. Inderscience Publishers - linking academia, business and industry through research

Title: Malicious behaviour classification in web logs based on an improved Xgboost algorithm

Authors: Jiaming Song; Xiaojuan Wang; Lei Jin; Jingwen You

Addresses: Department of Electronic Science and Technology, Beijing University of Posts and Telecommunications (BUPT), 10 West Tucheng Road, Haidian District, Beijing 100876, China ' Department of Electronic Science and Technology, Beijing University of Posts and Telecommunications (BUPT), 10 West Tucheng Road, Haidian District, Beijing 100876, China ' Department of Electronic Science and Technology, Beijing University of Posts and Telecommunications (BUPT), 10 West Tucheng Road, Haidian District, Beijing 100876, China ' Department of Electronic Science and Technology, Beijing University of Posts and Telecommunications (BUPT), 10 West Tucheng Road, Haidian District, Beijing 100876, China

Abstract: Attacks against web servers are one of the most serious threats in security fields. Attackers are able to make the computer systems more vulnerable. Analysing the web logs is one of the most effective methods to identify malicious behaviours. In this study, we consider the analysis of HTTP requests in web logs to classify malicious behaviour into multiple categories. At present, web attacks are so complex that single layer classification model is unable to deal with the emerging attacks, in particular, there is a limitation that category features cannot be added to single layer model. Motivated by this, we propose an improved Xgboost algorithm, which uses the method of constructing candidate attacks to attain higher accuracy for malicious behaviour detection. The experimental results show that, compared to other machine learning algorithms, the improved Xgboost algorithm we proposed performs better. Besides, after extracting the important features, it not only does not affect the effectiveness of the algorithm model, but also improves the computational efficiency.

Keywords: web logs; malicious behaviour classification; two-layer model; category features; candidate attacks; web engineering.

DOI: 10.1504/IJWET.2018.097560

International Journal of Web Engineering and Technology, 2018 Vol.13 No.4, pp.334 - 362

Published online: 28 Jan 2019 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Malicious behaviour classification in web logs based on an improved Xgboost algorithm

Keep up-to-date