A Novel Anomaly Detection Approach for Mitigating Web-Based Attacks Against Clouds

In recent years, web-based attacks increase and become the top threat in cloud environments. To detect unknown web-based attacks, many studies resort to anomaly detection through analyzing web logs. This paper presents an anomaly detection approach, which includes a transforming model and a classifier model. The transforming model converts every entry into a vector, and every value in vector is obtained by training extracted features in statistical techniques and Naive Bayes, which can analyze URI or URL without query in web logs and establish a unified normal standard for different websites. A big real-life dataset of about 50.1GB web logs has been used to verify the effectiveness of our approach, and the experimental results show that our approach can achieve detection rate over 98% and false alarm rate less than 1.5%.