Title :
A portable microcontroller-based HTTP tunnelling activity detection system
Author :
Pack, Daniel J. ; Mullins, Barry E.
Author_Institution :
Dept. of Electr. Eng., US Air Force Acad., Colorado Springs, CO, USA
Abstract :
In this paper we present a portable fuzzy-logic based intrusion detection system that makes use of behavior profiles and signature matching techniques to detect Hyper Text Transfer Protocol (HTTP) tunnelling activities. The HTTP tunnelling is defined as techniques to use the HTTP protocol to encapsulate illegal and harmful messages within HTTP data. The portable system, whose function is governed by a Motorola 68HC12 microcontroller, is designed to detect both malicious and unauthorized HTTP tunnelling activities: (1) interactive tunnelling sessions, (2) scripted tunnelling sessions, and (3) unauthorized video and audio stream sessions. Preliminary experimental data show the validity of the proposed system.
Keywords :
data encapsulation; hypermedia; microcontrollers; transport protocols; Hyper Text Transfer Protocol; Motorola 68HC12 microcontroller; interactive tunnelling session; message encapsulation; microcontroller based HTTP tunnelling; scripted tunnelling session; tunnelling activity detection system; Engines; Fuzzy logic; Gas detectors; Intrusion detection; Liquid crystal displays; Microcontrollers; Network servers; Protection; Protocols; Tunneling;
Conference_Titel :
Systems, Man and Cybernetics, 2003. IEEE International Conference on
Print_ISBN :
0-7803-7952-7
DOI :
10.1109/ICSMC.2003.1244631
