Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4065)

Abstract

Recently, there has been significant interest in applying artificial intelligence techniques to the intrusion detection problem. To address the difficulties in acquiring and representing existing knowledge in most systems, we propose a novel instance-based intrusion detection system called httpHunting. It provides a framework for the intrusion detection problem, incorporating several artificial intelligence techniques that help to overcome some of those limitations. httpHunting is able to classify, in real time, traffic data arriving at the network interface of the host that it is protecting, detecting anomalous traffic patterns. From our initial experiments, we can conclude that such an approach offers important key benefits for the network traffic-filtering domain.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fdez-Riverola, F., Borrajo, L., Laza, R., Rodríguez, F.J., Martínez, D. (2006). httpHunting: An IBR Approach to Filtering Dangerous HTTP Traffic. In: Perner, P. (ed.) Advances in Data Mining. Applications in Medicine, Web Mining, Marketing, Image and Signal Mining. ICDM 2006. Lecture Notes in Computer Science, vol 4065. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11790853_8

  • DOI: https://doi.org/10.1007/11790853_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36036-0

  • Online ISBN: 978-3-540-36037-7

  • eBook Packages: Computer Science (R0)
