Anomaly detection via high-dimensional data analysis on web access data.

• Other Authors: Suen, Ho Yan.
• Format: Others
• Language: English; Chinese
• Published: 2009
• Subjects: Anomaly detection (Computer security); Denial of service attacks; Internet searching > Mathematics
• Online Access: http://library.cuhk.edu.hk/record=b5894067; http://repository.lib.cuhk.edu.hk/en/item/cuhk-326945

Suen, Ho Yan. === Thesis (M.Phil.)--Chinese University of Hong Kong, 2009. === Includes bibliographical references (leaves 99-104). === Abstract also in Chinese. === Abstract --- p.i === Acknowledgement --- p.iv === Chapter 1 --- Introduction --- p.1 === Chapter 1.1 --- Motivation --- p.1 === Chapter 1.2 --- Organization --- p.4 === Chapter 2 --- Literature Review --- p.6 === Chapter 2.1 --- Related Works --- p.6 === Chapter 2.2 --- Background Study --- p.7 === Chapter 2.2.1 --- World Wide Web --- p.7 === Chapter 2.2.2 --- Distributed Denial of Service Attack --- p.11 === Chapter 2.2.3 --- Tools for Dimension Reduction --- p.13 === Chapter 2.2.4 --- Tools for Anomaly Detection --- p.20 === Chapter 2.2.5 --- Receiver operating characteristics (ROC) Analysis --- p.22 === Chapter 3 --- System Design --- p.25 === Chapter 3.1 --- Methodology --- p.25 === Chapter 3.2 --- System Overview --- p.27 === Chapter 3.3 --- Reference Profile Construction --- p.31 === Chapter 3.4 --- Real-time Anomaly Detection and Response --- p.32 === Chapter 3.5 --- Chapter Summary --- p.34 === Chapter 4 --- Reference Profile Construction --- p.35 === Chapter 4.1 --- Web Access Logs Collection --- p.35 === Chapter 4.2 --- Data Preparation --- p.37 === Chapter 4.3 --- Feature Extraction and Embedding Engine (FEE Engine) --- p.40 === Chapter 4.3.1 --- Sub-Sequence Extraction --- p.42 === Chapter 4.3.2 --- Hash Function on Sub-sequences (optional) --- p.45 === Chapter 4.3.3 --- Feature Vector Construction --- p.46 === Chapter 4.3.4 --- Diffusion Wavelets Embedding --- p.47 === Chapter 4.3.5 --- Numerical Example of Feature Set Reduction --- p.49 === Chapter 4.3.6 --- Reference Profile and Further Use of FEE Engine --- p.50 === Chapter 4.4 --- Chapter Summary --- p.50 === Chapter 5 --- Real-time Anomaly Detection and Response --- p.52 === Chapter 5.1 --- Session Filtering and Data Preparation --- p.54 === Chapter 5.2 --- Feature Extraction and Embedding --- p.54 === Chapter 5.3 --- Distance-based Outlier Scores Calculation --- p.55 === Chapter 5.4 --- Anomaly Detection and Response --- p.56 === Chapter 5.4.1 --- Length-Based Anomaly Detection Modules --- p.56 === Chapter 5.4.2 --- Characteristics of Anomaly Detection Modules --- p.59 === Chapter 5.4.3 --- Dynamic Threshold Adaptation --- p.60 === Chapter 5.5 --- Chapter Summary --- p.63 === Chapter 6 --- Experimental Results --- p.65 === Chapter 6.1 --- Experiment Datasets --- p.65 === Chapter 6.1.1 --- Normal Web Access Logs --- p.66 === Chapter 6.1.2 --- Attack Data Generation --- p.68 === Chapter 6.2 --- ROC Curve Construction --- p.70 === Chapter 6.3 --- System Parameters Selection --- p.71 === Chapter 6.4 --- Performance of Anomaly Detection --- p.82 === Chapter 6.4.1 --- Performance Analysis --- p.85 === Chapter 6.4.2 --- Performance in defending DDoS attacks --- p.87 === Chapter 6.5 --- Computation Requirement --- p.91 === Chapter 6.6 --- Chapter Summary --- p.95 === Chapter 7 --- Conclusion and Future Work --- p.96 === Bibliography --- p.99