WEB MISUSE DETECTION THROUGH TEXT CATEGORISATION OF APPLICATION SERVER LOGS

摘要

Security in web-based systems that handle confidential information can be considered a particularly sensitive subject that requires assuming some responsibilities about security. Achieving a secure web application involves tackling several issues such encryption of traffic and certain database information, strictly restricted access control, etc. In this work we focus on detecting misuse of the web application in order to gain unauthorised access. We introduce an Intrusion Detection component that by applying Text Categorisation is capable of learning the characteristics of both normal and malicious user behaviour from the regular, high-level log entries generated by web application through its application server. Therefore, the detection of misuse in the web application is achieved without the need of explicit programming or modification of the existing web application. We applied our Intrusion Detection component to a real web-based telemedicine system in order to offer some evaluation measurements. This articles offers an overview of the model, our experiences, and observations.