• DocumentCode
    717111
  • Title

    A first look at HTTP(S) intrusion detection using NetFlow/IPFIX

  • Author

    van der Toorn, Olivier ; Hofstede, Rick ; Jonker, Mattijs ; Sperotto, Anna

  • Author_Institution
    Centre for Telematics & Inf. Technol. (CTIT), Univ. of Twente, Enschede, Netherlands
  • fYear
    2015
  • fDate
    11-15 May 2015
  • Firstpage
    862
  • Lastpage
    865
  • Abstract
    Brute-force attacks against Web sites are a common area of concern, both for Web site owners and hosters. This is mainly due to the impact of potential compromises resulting therefrom, and the increased load on the underlying infrastructure. The latter may even result in a Denial-of-Service (DoS). Detecting brute-force attacks - and ultimately mitigating them - is therefore of great importance. In this paper, we take the first step in this direction, by presenting a network-based approach for detecting HTTP(S) dictionary attacks using NetFlow/IPFIX. We have developed a prototype Intrusion Detection System (IDS), released as open-source software, by means of which we can achieve accuracies close to 100%.
  • Keywords
    Web sites; computer network security; hypermedia; public domain software; transport protocols; DoS; HTTP; IDS; NetFlow/IPFIX; Web site; brute-force attacks; denial-of-service; intrusion detection system; network-based approach; open-source software; Accuracy; Authentication; Band-pass filters; Dictionaries; Intrusion detection; Web servers; Web sites; Intrusion detection; Net-Flow/IPFIX; Network security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on
  • Conference_Location
    Ottawa, ON
  • Type

    conf

  • DOI
    10.1109/INM.2015.7140395
  • Filename
    7140395