TY - JOUR
T1 - A Soft Computing Approach for Benign and Malicious Web Robot Detection
AU - Zabihimayvan, Mahdieh
AU - Sadeghi, Reza
AU - Rude, H. Nathan
AU - Doran, Derek
PY - 2017/6/7
Y1 - 2017/6/7
N2 - The accurate detection of Web robot sessions from a web server log is essential to take accurate traffic-level measurements and to protect the performance and privacy of information on a Web server. Moreover, the irrecoverable risks of visits from malicious robots that intentionally try to evade web server intrusion detection systems, covering-up their visits with fabricated fields in their http request packets, cannot be ignored. To separate both types of robots from humans in practice, analysts turn to heuristic methods or state-of-the-art soft computing approaches that have only been tuned to the specification of a kind of web server. Noting that the landscape of web robot agents is ever changing, and that behavioral patterns and characteristics vary across different web servers, both options are lacking. To overcome this challenge, this paper presents SMART, a soft computing system that simultaneously detects benign and malicious types of robot agents from web server logs and can automatically adapt to the session characteristics of a web server. The results of experiments over some access log file servers, each servicing different domains of the web, demonstrate outperformance of the proposed method on state-of-the-art ones for benign and malicious robot detection.
AB - The accurate detection of Web robot sessions from a web server log is essential to take accurate traffic-level measurements and to protect the performance and privacy of information on a Web server. Moreover, the irrecoverable risks of visits from malicious robots that intentionally try to evade web server intrusion detection systems, covering-up their visits with fabricated fields in their http request packets, cannot be ignored. To separate both types of robots from humans in practice, analysts turn to heuristic methods or state-of-the-art soft computing approaches that have only been tuned to the specification of a kind of web server. Noting that the landscape of web robot agents is ever changing, and that behavioral patterns and characteristics vary across different web servers, both options are lacking. To overcome this challenge, this paper presents SMART, a soft computing system that simultaneously detects benign and malicious types of robot agents from web server logs and can automatically adapt to the session characteristics of a web server. The results of experiments over some access log file servers, each servicing different domains of the web, demonstrate outperformance of the proposed method on state-of-the-art ones for benign and malicious robot detection.
KW - Markov Clustering Algorithm; Web Robot Detection; Web Crawler; Malicious Web Agents; Fuzzy Rough Set Theory
UR - http://www.sciencedirect.com/science/article/pii/S0957417417304116
U2 - 10.1016/j.eswa.2017.06.004
DO - 10.1016/j.eswa.2017.06.004
M3 - Article
JO - Expert Systems with Applications
JF - Expert Systems with Applications
ER -