Title :
A first look at HTTP(S) intrusion detection using NetFlow/IPFIX
Author :
van der Toorn, Olivier ; Hofstede, Rick ; Jonker, Mattijs ; Sperotto, Anna
Author_Institution :
Centre for Telematics & Inf. Technol. (CTIT), Univ. of Twente, Enschede, Netherlands
Abstract :
Brute-force attacks against Web site are a common area of concern, both for Web site owners and hosters. This is mainly due to the impact of potential compromises resulting therefrom, and the increased load on the underlying infrastructure. The latter may even result in a Denial-of-Service (DoS). Detecting brute-force attacks - and ultimately mitigating them - is therefore of great importance. In this paper, we take the first step in this direction, by presenting a network-based approach for detecting HTTP(S) dictionary attacks using NetFlow/IPFIX. We have developed a prototype Intrusion Detection System (IDS), released as open-source software, by means of which we can achieve accuracies close to 100%.
Keywords :
Web sites; computer network security; hypermedia; public domain software; transport protocols; DoS; HTTP; IDS; NetFlow/IPFIX; Web site; brute-force attacks; denial-of-service; intrusion detection system; network-based approach; open-source software; Accuracy; Authentication; Band-pass filters; Dictionaries; Intrusion detection; Web servers; Web sites; Intrusion detection; Net-Flow/IPFIX; Network security;
Conference_Titel :
Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on
Conference_Location :
Ottawa, ON
DOI :
10.1109/INM.2015.7140395
