Web Proxy and cache play important roles in the modern Internet. Although much work has been done on them, few studies were focused on the fact that these trusted intermediaries may be utilized to launch Web-based attacks and to shield the attackers' malicious behavior. This paper fills an void in this area by proposing a new server-side detection scheme based on the behavior characteristics of proxy-to-server Web traffic. Proxy's access behavior is extracted from the temporal locality and the bytes of the requested objects. A stochastic process based on Gaussian mixtures hidden semi-Markov model is applied to describe the dynamic variability of the observed variables. The entropies of those pending Web traffics launched by proxies fitting to the model are used as the criterion for attack detection. Experiments based on the real Web traffic and an emulated attack are implemented to valid the proposal. © 2008 Springer Berlin Heidelberg.
CITATION STYLE
Xie, Y., & Yu, S. Z. (2008). Measuring the normality of Web Proxies’ behavior based on locality principles. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5245 LNCS, pp. 61–73). Springer Verlag. https://doi.org/10.1007/978-3-540-88140-7_6
Mendeley helps you to discover research relevant for your work.