Font Size:
Detecting anomalous Web server usage through mining access logs
Last modified: 2013-07-09
Abstract
Most operating systems services generate log files that can be used for debugging and supervision. One important function of log files is logging security related or debug information, for example logging unsuccessful authentication or error logging. This paper shows how to implement an anomaly detection process of web server's unexpected events using the the Apache web server's logs and applying supervised machine learning algorithms to extracted features. Also, we compare the classification performance of several algorithms that can be easily implemented in real-world scenarios.