Bulletin of Networking, Computing, Systems, and Software

Internal network security threats are becoming increasingly dangerous and difficult to detect when cyber criminals tend to take advantage of web technology as a medium for communication. Web traffic generated by non-human activities such as bot-nets or worms exhausts a networks resources, deludes people and affects network security. This paper proposes a new method to detect abnormal web traffics in a network. It introduces two features: malicious-server-degree and abnormal-traffic-score, those are based on characteristics of a connection graph model for web access data. These features filter out suspicious clients generated abnormal traffics. The experiment specifically shows different levels of potential anomalous traffics for each suspicious client. The detected abnormal web traffic is easy to be visually seen, and the method is simply implemented even in large networks.