Detection Mechanism of Attacking Web Service DoS using Self-Organizing Map

SOM(Self-Organizing Map)을 이용한 대용량 웹 서비스 DoS 공격 탐지 기법

  • 이형우 (한신대학교 컴퓨터공학부) ;
  • 서종원 (한신대학교 컴퓨터공학부)
  • Published : 2008.05.31


Web-services have originally been devised to share information as open services. In connection with it, hacking incidents have surged. Currently, Web-log analysis plays a crucial clue role in detecting Web-hacking. A growing number of cases are really related to perceiving and improving the weakness of Web-services based on Web-log analysis. Such as this, Web-log analysis plays a central role in finding out problems that Web has. Hence, Our research thesis suggests Web-DoS-hacking detective technique In the process of detecting such problems through SOM algorithm, the emergence frequency of BMU(Best Matching Unit) was studied, assuming the unit with the highest emergence frequency, as abnormal, and the problem- detection technique was recommended through the comparison of what's called BMU as input data.


Web-Log;Attack Detection;Self-Organizing Map(SOM)


  1. 정보통신부 한국인터넷진흥원, “2007년 상반기 정보화 실태조사 요약보고서,” 2007.
  3. R. Fielding, J. Gettys, J. C. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. L. Berners, Network Working Group, Request for Comments 2616, “Hypertext Transfer Protocol - HTTP/1.1,” pp.45, 1999(6).
  4. K. Christopher, V. Giovanni, "Anomaly Detection of Web-based Attacks," CCS'03, Washington, DC, USA, pp.27-31, 2003(10).
  5. 이준섭, 김상록, 이민수, 조상현, 차성덕, 한국과학기술원(KAIST) 전산학과, "대용량 웹 로그에서의 규칙 기반 침입 탐지 시스템 적용의 방법과 한계성", 한국정보보호학회 하계 학술대회 CISC, Vol.17, 2007(8).
  6. J. E. Dayhoff, "Neural Network Architectures - An Introduction," Van Nostrand Reinhold, New Yock, 1990.
  7. V. Juha, H. Jonhan, A. Esa, and P. Juha, "SOM Toolbox for Matlab 5," SOM Toolbox Team Helsinki University of Technology, 2000(4).
  8. T. Kohonen, E. Oja, O. Simula, A. Visa, and J. Kangas, "Engineering applications of the self-organizing map," Proceedings of the IEEE, Vol.84, No.10, pp.1358-1384, 1996.
  9. C. Y. Christopher, C. Hsinchun, and H. Kay, "Exploring the World Wide Web with Self-Organizing Map," WWW conference, 2002.
  10. A. S. Kata, N. Alan, "Web page clustering using a self-organizing map of user navigation patterns," Special Issue, Web data mining, Vol.35, No.2, pp.245-256, 2003.
  11. D. Chen, J. C. Patra, and C. P. Fu, "Personalized Web search with self-organizing map," e-Technology, e-Commerce and e-Service, IEEE APOS'05. Proceedings, pp.144-147, 2005.
  12. L. L. DeLooze, "Attack Characterization and Intrusion Detection using an Ensemble of Self-Organizing Maps," Information Assurance Workshop, pp.108-115, 2006.
  13. 김상록, 이민수, 이준섭, 조상현, 차성덕, 한국과학기술원(KAIST) 전산학과, "대용량 웹 로그 대상 이상탐지를 위한 이상 특성 추출", 한국정보보호학회 하계 학술대회 CISC, Vol.17, 2007(8).