Intrusion Detection and Avoidance for a Heterogeneous Cluster of Web Sites

Abstract

This paper outlines the design of a Hybrid Intrusion Detection System for a web server hosting a heterogeneous cluster of web sites. The system was trained using the Classification and Regression Tree (CART) technique, with the Gini index as the measure of impurity, and allows for headless operation once deployed. The model uses information mined from the access logs of a web server. The system automatically performs pre-processing, classification, and blacklisting of those IP addresses deemed to be harmful. The model relies on the correlation between the server-issued status codes, HTTP methods, types of files being accessed, the geographical location of the client, and the likelihood of the access being malicious. The system, which was made open source for both public use and development, achieved an accuracy score of 94.5% on the test set. This paper is aimed at the Internet as a Complex Network conference.

Cite

Ramsook, D., Hosein, P., & Pooransingh, A. (2019). Intrusion Detection and Avoidance for a Heterogeneous Cluster of Web Sites. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11938 LNCS, pp. 250–256). Springer. https://doi.org/10.1007/978-3-030-34770-3_19