A Deep Learning Enabled Subspace Spectral Ensemble Clustering Approach for Web Anomaly Detection

With the development of the Internet, it is vital for the security of the Internet to detect web-based anomalies. Clustering based on feature extraction by manually has been verified as a significant way to detect new anomalies. But the presentations of these features can't express semantic information of the URLs. In addition, few studies try to cluster the anomalies into specific types like SQL-injection. In order to solve these two problems, we provide a deep learning enabled subspace spectral ensemble clustering approach for web anomaly detection called DEP-SSEC. This approach has three steps. Firstly, an ensemble clustering model is applied to separate anomalies from normal samples. Then we use word2vec to get the semantical presentations of anomalies. Finally, another multi-clustering approach clusters anomalies into specific types. Our approach is run on a real-life dataset. The result achieves about 0.8321 NMI and 0.8691 Rn, which demonstrates that our model has the ability to cluster anomalies into appropriate types.