Abnormal Web Traffic Detection Using Connection Graph

Manh Cong Tran, Lee Heejeong, Yasuhiro Nakamura


Internal network security threats are becoming increasingly dangerous and difficult to detect when cyber criminals tend to take advantage of web technology as a medium for communication. Web traffic generated by non-human activities such as bot-nets or worms exhausts a networks resources, deludes people and affects network security. This paper proposes a new method to detect abnormal web traffics in a network. It introduces two features: malicious-server-degree and abnormal-traffic-score, those are based on characteristics of a connection graph model for web access data. These features filter out suspicious clients generated abnormal traffics. The experiment specifically shows different levels of potential anomalous traffics for each suspicious client. The detected abnormal web traffic is easy to be visually seen, and the method is simply implemented even in large networks.


Abnormal detection; Web traffic; Connection graph; Intrusion detection

Full Text:



  • There are currently no refbacks.