Open Access Open Access  Restricted Access Subscription Access

A Hybrid Intrusion Detection Model for Web Log-Based Attacks

Junwei Zou,
Dan Tao,
Jing Yu,


Attacks against web-based applications is one of the most serious network security threats. Currently, web-based attacks are so complex that single detection method cannot cope with the emerging attacks. Motivated by this, we efficiently merge misuse detection as well as anomaly detection, and propose a hybrid intrusion detection model for web log-based attacks. In this hybrid model, the malicious logs, which cannot be detected by the misuse detection model, will be loaded into the anomaly detection model for a second check. Firstly, we analyze the inherent features of HTTP logs and thus set up the rule base so as to identify the known web log-based attacks. Moreover, we utilize the K-means clustering algorithm of data mining for logs to construct the normal behavior library so as to distinguish between normal behavior and abnormal behavior. Finally, we evaluate the performance of our solutions using massive realistic web logs. A series of experimental data demonstrate the effectiveness of our hybrid model that contributes to simultaneously achieve high detection rate and low false alarm rate.


Web log attack; Intrusion detection; Misuse detection; Anomaly detection; K-means clustering

Citation Format:
Junwei Zou, Dan Tao, Jing Yu, "A Hybrid Intrusion Detection Model for Web Log-Based Attacks," Journal of Internet Technology, vol. 18, no. 4 , pp. 887-895, Jul. 2017.

Full Text:



  • There are currently no refbacks.

Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Library and Information Center, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd. Shoufeng, Hualien 97401, Taiwan, R.O.C.
Tel: +886-3-931-7017  E-mail: