A portable microcontroller-based HTTP tunnelling activity detection system

Author

Pack, Daniel J. ; Mullins, Barry E.

Author_Institution

Dept. of Electr. Eng., US Air Force Acad., Colorado Springs, CO, USA

Volume

2

fYear

2003

fDate

5-8 Oct. 2003

Firstpage

1544

Abstract

In this paper we present a portable fuzzy-logic based intrusion detection system that makes use of behavior profiles and signature matching techniques to detect Hyper Text Transfer Protocol (HTTP) tunnelling activities. The HTTP tunnelling is defined as techniques to use the HTTP protocol to encapsulate illegal and harmful messages within HTTP data. The portable system, whose function is governed by a Motorola 68HC12 microcontroller, is designed to detect both malicious and unauthorized HTTP tunnelling activities: (1) interactive tunnelling sessions, (2) scripted tunnelling sessions, and (3) unauthorized video and audio stream sessions. Preliminary experimental data show the validity of the proposed system.

Keywords

data encapsulation; hypermedia; microcontrollers; transport protocols; Hyper Text Transfer Protocol; Motorola 68HC12 microcontroller; interactive tunnelling session; message encapsulation; microcontroller based HTTP tunnelling; scripted tunnelling session; tunnelling activity detection system; Engines; Fuzzy logic; Gas detectors; Intrusion detection; Liquid crystal displays; Microcontrollers; Network servers; Protection; Protocols; Tunneling;

fLanguage

English

Publisher

ieee

Conference_Titel

Systems, Man and Cybernetics, 2003. IEEE International Conference on

ISSN

1062-922X

Print_ISBN

0-7803-7952-7

Type

conf

DOI

10.1109/ICSMC.2003.1244631

Filename

1244631