JOURNAL OF THE FACULTY OF ENGINEERING AND ARCHITECTURE OF GAZI UNIVERSITY, vol.31, no.3, pp.646-655, 2016 (SCI-Expanded)
Firewalls and intrusion detection and prevention systems are used to protect web applications against network attacks. HTTP is also used to attack web applications, so detection is performed on HTTP requests in order to prevent these attacks. In this study, a new hybrid model is proposed that uses signature-based detection and anomaly-based detection to prevent web-based attacks. Detection of some known types of web-based attacks was implemented with signature-based detection. Anomaly-based detection was implemented with Bayes classification, which is a data mining technique, using the features Alphanumeric Character, Letter Frequency and Request Length. Because signature-based detection is faster than anomaly-based detection, the signature-based detection database is updated with the anomalous HTTP requests detected by anomaly-based detection. The proposed model was tested using the CSIC 2010, ECML-PKDD 2007 and WUGD 2015 datasets, the last of which was generated during this study. According to the test results, anomaly-based detection achieved a high mean success rate (95.1%). The test results were compared with those of some similar studies. According to the comparison, the proposed model provided high performance and a low false positive rate compared to the other studies.
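The hybrid flow described in the abstract, as an added sketch that is not the authors' implementation: signatures are checked first, a Gaussian naive Bayes model scores the three named features, and detected anomalies are fed back into the signature store. The feature definitions, the signature patterns, the exact-match feedback rule and all sample requests are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed signatures and training requests; not taken from the paper's datasets.
SIGNATURES = [re.compile(p, re.I) for p in (r"<script\b", r"union\s+select", r"\.\./")]
NORMAL = ["GET /index.jsp?id=12", "GET /login.jsp?user=alice",
          "GET /search.jsp?q=laptop", "GET /shop/cart.jsp?item=book&qty=2"]
ATTACK = ["GET /index.jsp?id=" + "';--" * 12, "GET /login.jsp?user=" + "|$(){}" * 10,
          "GET /search.jsp?q=" + "%%%&&&" * 9, "GET /shop/cart.jsp?item=" + "A" * 56]

def features(req):
    """Alphanumeric ratio, top-letter frequency, length (definitions are assumptions)."""
    letters = [c for c in req.lower() if c.isalpha()]
    top = Counter(letters).most_common(1)[0][1] / len(letters) if letters else 0.0
    return (sum(c.isalnum() for c in req) / max(len(req), 1), top, float(len(req)))

class GaussianNB:
    """Minimal Gaussian naive Bayes; 1e-3 is added to each variance for stability."""
    def fit(self, samples):
        total = sum(len(reqs) for reqs in samples.values())
        self.classes = {}
        for label, reqs in samples.items():
            cols = list(zip(*map(features, reqs)))
            means = [sum(c) / len(c) for c in cols]
            varis = [sum((x - m) ** 2 for x in c) / len(c) + 1e-3 for c, m in zip(cols, means)]
            self.classes[label] = (math.log(len(reqs) / total), means, varis)
        return self

    def predict(self, req):
        def score(prior, means, varis):
            return prior + sum(-0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
                               for x, m, v in zip(features(req), means, varis))
        return max(self.classes, key=lambda label: score(*self.classes[label]))

class HybridDetector:
    def __init__(self, signatures, model):
        self.signatures, self.model, self.learned = list(signatures), model, set()

    def inspect(self, req):
        # Fast path: static signatures plus requests learned from earlier anomalies.
        if req in self.learned or any(s.search(req) for s in self.signatures):
            return "signature"
        if self.model.predict(req) == "attack":
            self.learned.add(req)  # feed the anomaly back into the signature store
            return "anomaly"
        return "normal"

detector = HybridDetector(SIGNATURES, GaussianNB().fit({"normal": NORMAL, "attack": ATTACK}))
```

A request flagged by the Bayes stage returns "anomaly" the first time and "signature" on every later occurrence, which is the speed-up the abstract attributes to updating the signature database.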