Host-based Web Anomaly Intrusion Detection System, an Artificial Immune System Approach

Recently, the shortcomings of current security solutions in protecting web servers and web applications against web-based attacks have encouraged many researchers to work on web intrusion detection systems (WIDSs). In this paper, a host-based web anomaly detection system is presented which analyzes the POST and GET requests processed and logged in web servers’ access log files. A special kind of web access log file is introduced which eliminates the shortcomings of common log files for defining legitimate users’ sessions boundaries. Different features are extracted from this access log file in order to model the operations of the system. For the detection task, we propose the use of a novel approach inspired by the natural immune system. The capability of the proposed mechanism is evaluated by comparing the results to some well-known neural networks. The results indicate high ability of the immune inspired system in detecting suspicious activities.