Academic paper

Detection of suspicious internet traffic based on differential analysis and logical rules
Document Type
Article
Source
Journal of Computer Virology and Hacking Techniques; December 2022, Vol. 18 Issue: 4 p347-365, 19p
ISSN
22742042; 22638733
Abstract
Internet services and web-based applications are used in important and sensitive areas such as e-commerce, e-learning, e-health care, and e-payment, so the protection of those services and applications has become a major issue. This paper proposes a new method based on differential analysis. The main idea is to detect sudden changes in the statistical distribution of selected traffic characteristics, including its origin and destination (IP addresses, protocol, and ports). First, the difference between the traffic distributions of adjacent time slices is measured with techniques such as the Kullback–Leibler (KL) divergence or cosine similarity. Then, clustering algorithms are applied to the resulting distances to decide whether the traffic involves a sudden change. The approach is also endowed with a special kind of temporal logic, giving end users wide expressiveness when specifying malicious traffic.
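The pipeline the abstract describes (per-slice feature distributions, a divergence between neighbouring slices, then clustering of the divergence values) can be seen end to end in the following added example. It is not the paper's code: the slice length, the additive smoothing constant, the choice of KL(current || previous) as the direction of the divergence, the destination port as the monitored feature, and the 1-D two-means rule used as the clustering step are all assumptions made here for illustration, and the flow records are constructed. The temporal-logic rule layer the paper adds on top is not modelled.

```python
"""Differential analysis of traffic feature distributions across adjacent time slices.

Added example (not the paper's code). Builds per-slice distributions of one
traffic feature (destination port), measures the change between each slice and
its predecessor with KL divergence and cosine similarity, and uses a 1-D
two-means clustering to separate "sudden change" transitions from ordinary ones.
SLICE_LEN, EPS, the KL direction and the two-means rule are assumptions.
"""
from collections import Counter
from math import log, sqrt

SLICE_LEN = 60   # seconds per time slice (assumed)
EPS = 1e-6       # additive smoothing so KL stays finite when supports differ (assumed)


def build_sample_flows():
    """Constructed sample: 8 slices of baseline web/DNS flows, plus a port sweep injected into slice 5.

    Each record is (timestamp_seconds, src_ip, dst_ip, proto, dst_port)."""
    flows = []
    for s in range(8):
        base = s * SLICE_LEN
        for i in range(30):                      # 30 baseline flows per slice to ports 443/80/53
            port = (443, 80, 53)[i % 3]
            proto = "udp" if port == 53 else "tcp"
            flows.append((base + (i * 2) % SLICE_LEN, f"10.0.0.{i % 5}", "203.0.113.10", proto, port))
        if s == 5:                               # one host probing 40 distinct high ports
            for p in range(1, 41):
                flows.append((base + p, "10.0.0.99", "203.0.113.10", "tcp", 1000 + p))
    return flows


def slice_distributions(flows, key, slice_len=SLICE_LEN):
    """One probability distribution of the chosen feature per time slice, in slice order."""
    per_slice = {}
    for flow in flows:
        per_slice.setdefault(flow[0] // slice_len, Counter())[key(flow)] += 1
    dists = []
    for idx in range(max(per_slice) + 1):
        counts = per_slice.get(idx, Counter())
        total = sum(counts.values())
        dists.append({k: v / total for k, v in counts.items()} if total else {})
    return dists


def _smooth(p, support):
    """Additive smoothing over a common support; an empty slice becomes uniform."""
    denom = sum(p.values()) + EPS * len(support)
    return {k: (p.get(k, 0.0) + EPS) / denom for k in support}


def kl_divergence(p, q):
    """D_KL(p || q) over the union of both supports."""
    support = set(p) | set(q)
    if not support:
        return 0.0
    ps, qs = _smooth(p, support), _smooth(q, support)
    return sum(ps[k] * log(ps[k] / qs[k]) for k in support)


def cosine_similarity(p, q):
    """Cosine similarity of two distributions treated as sparse vectors."""
    support = set(p) | set(q)
    dot = sum(p.get(k, 0.0) * q.get(k, 0.0) for k in support)
    norm = sqrt(sum(v * v for v in p.values())) * sqrt(sum(v * v for v in q.values()))
    return dot / norm if norm else 0.0


def adjacent_changes(dists, metric):
    """metric(current, previous) for each pair of neighbouring slices; entry i describes slice i+1."""
    return [metric(dists[i + 1], dists[i]) for i in range(len(dists) - 1)]


def two_means(values, iterations=20):
    """1-D k-means with k=2, centroids seeded at min and max; label 1 marks the high cluster."""
    lo, hi = min(values), max(values)
    labels = [0] * len(values)
    for _ in range(iterations):
        new = [1 if abs(v - hi) < abs(v - lo) else 0 for v in values]
        if new == labels:
            break
        labels = new
        low_vals = [v for v, l in zip(values, labels) if l == 0]
        high_vals = [v for v, l in zip(values, labels) if l == 1]
        lo = sum(low_vals) / len(low_vals) if low_vals else lo
        hi = sum(high_vals) / len(high_vals) if high_vals else hi
    return labels


def flag_sudden_changes(flows, key=lambda f: f[4]):
    """Indices of slices whose KL divergence from the previous slice lands in the high cluster."""
    kl = adjacent_changes(slice_distributions(flows, key), kl_divergence)
    if not kl:
        return []
    return [i + 1 for i, label in enumerate(two_means(kl)) if label == 1]


if __name__ == "__main__":
    sample = build_sample_flows()
    print("KL per transition:", [round(v, 3) for v in adjacent_changes(slice_distributions(sample, lambda f: f[4]), kl_divergence)])
    print("flagged slices:", flag_sudden_changes(sample))
```

On this sample only slice 5 is flagged: the KL divergence into it is about 5, the divergence out of it (back to the baseline mix) is below 1, and every other transition is exactly 0. Two practitioner caveats follow from the same run. The direction of the KL divergence matters, since mass appearing on previously unseen ports is penalised far more heavily than mass disappearing, and cosine similarity between slices 4 and 5 stays around 0.94, so a threshold tuned for KL would not transfer to cosine. Smoothing over the union of supports is also what keeps KL finite for high-cardinality features such as ports and IP addresses, where adjacent slices rarely share exactly the same support.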