Abstract
Recently, there has been significant interest in applying artificial intelligence techniques to the intrusion detection problem. To address the difficulties of acquiring and representing existing knowledge in most systems, we propose a novel instance-based intrusion detection system called httpHunting. It provides a framework for the intrusion detection problem, incorporating several artificial intelligence techniques that help to overcome some of those limitations. httpHunting is able to classify, in real time, traffic data arriving at the network interface of the host it is protecting, detecting anomalous traffic patterns. From our initial experiments, we can conclude that such an approach brings important key benefits to the network traffic-filtering domain.
Keywords
- Intrusion Detection
- Intrusion Detection System
- Artificial Neuronal Network
- Intrusion Scenario
- National Computer Security
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fdez-Riverola, F., Borrajo, L., Laza, R., Rodríguez, F.J., Martínez, D. (2006). httpHunting: An IBR Approach to Filtering Dangerous HTTP Traffic. In: Perner, P. (eds) Advances in Data Mining. Applications in Medicine, Web Mining, Marketing, Image and Signal Mining. ICDM 2006. Lecture Notes in Computer Science, vol 4065. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11790853_8
DOI: https://doi.org/10.1007/11790853_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36036-0
Online ISBN: 978-3-540-36037-7
eBook Packages: Computer Science, Computer Science (R0)