Feature modeling and cluster analysis of malicious Web traffic

Author

Ana Dimitrijevikj, West Virginia University

Semester

Spring

Date of Graduation

2011

Document Type

Thesis

Degree Type

MS

College

Statler College of Engineering and Mineral Resources

Department

Lane Department of Computer Science and Electrical Engineering

Committee Chair

Katerina Goseva-Popstojanova

Abstract

Many attackers find Web applications to be attractive targets since they are widely used and have many vulnerabilities to exploit. The goal of this thesis is to study patterns of attacker activities on typical Web based systems using four data sets collected by honeypots, each in duration of almost four months. The contributions of our work include cluster analysis and modeling the features of the malicious Web traffic. Some of our main conclusions are: (1) Features of malicious sessions, such as Number of Requests, Bytes Transferred, and Duration, follow skewed distributions, including heavy-tailed. (2) Number of requests per unique attacker follows skewed distributions, including heavy-tailed, with a small number of attackers submitting most of the malicious traffic. (3) Cluster analysis provides an efficient way to distinguish between attack sessions and vulnerability scan sessions.

Recommended Citation

Dimitrijevikj, Ana, "Feature modeling and cluster analysis of malicious Web traffic" (2011). Graduate Theses, Dissertations, and Problem Reports. 4708.
https://researchrepository.wvu.edu/etd/4708