Web Attack Detection Using Chromatography-Like Entropy Analysis

Web services are mostly attacked in various ways directly and indirectly. We calculate the Shannon entropy from web server log files, especially access logs, and then estimate the entropy distance to detect intrusions and identified them by distinct attack word lists as general, cross-site script, and SQL injection attacks. The experiment shows that our proposed chromatography-like entropy analysis method can detect and identify these behaviors.