Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings

Research Article

Coordinated Web Scan Detection Based on Hierarchical Correlation

  • @INPROCEEDINGS{10.1007/978-3-030-21373-2_30,
        author={Jing Yang and Liming Wang and Zhen Xu and Jigang Wang and Tian Tian},
        title={Coordinated Web Scan Detection Based on Hierarchical Correlation},
        proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings},
        proceedings_a={SPNCE},
        year={2019},
        month={6},
        keywords={Web security Coordinated scan Hierarchical correlation Cyber security},
        doi={10.1007/978-3-030-21373-2_30}
    }
    
  • Jing Yang
    Liming Wang
    Zhen Xu
    Jigang Wang
    Tian Tian
    Year: 2019
    Coordinated Web Scan Detection Based on Hierarchical Correlation
    SPNCE
    Springer
    DOI: 10.1007/978-3-030-21373-2_30
Jing Yang*, Liming Wang1,*, Zhen Xu1,*, Jigang Wang2,*, Tian Tian2,*
  • 1: Chinese Academy of Sciences
  • 2: Zhongxing Telecommunication Equipment Corporation
*Contact email: yangjing@iie.ac.cn, wangliming@iie.ac.cn, xuzhen@iie.ac.cn, wang.jigang@zte.com.cn, tian.tian1@zte.com.cn

Abstract

Web scanning is one of the most common network attacks on the Internet: an adversary probes one or more websites to discover exploitable information in order to perform further cyber attacks. In a coordinated web scan, an adversary controls multiple sources to achieve large-scale scanning as well as detection evasion. In this paper, a novel detection approach based on hierarchical correlation is proposed to identify coordinated web scan campaigns from labelled malicious sources. Semantic correlation is used to identify the malicious sources that scan similar content, and temporal-spatial correlation is then employed to identify malicious campaigns from the semantic correlation results. In both correlation phases, we convert the clustering problem into a group partition problem and propose a greedy algorithm to solve it. The evaluation shows that our algorithm is effective in detecting coordinated web scan attacks: the Precision metric for detection can reach 1.0, and the Rand Index metric for clustering is 0.984.