A First Look at HTTP(S) Intrusion Detection using NetFlow/IPFIX

Olivier Isaac van der Toorn, R.J. Hofstede, Mattijs Jonker, Anna Sperotto

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    7 Citations (Scopus)
    450 Downloads (Pure)


    Brute-force attacks against Web site are a common area of concern, both for Web site owners and hosters. This is mainly due to the impact of potential compromises resulting therefrom, and the increased load on the underlying infrastructure. The latter may even result in a Denial-of-Service (DoS). Detecting brute-force attacks — and ultimately mitigating them — is therefore of great importance. In this paper, we take the first step in this direction, by presenting a network-based approach for detecting HTTP(S) dictionary attacks using NetFlow/IPFIX. We have developed a prototype Intrusion Detection System (IDS), released as open-source software, by means of which we can achieve accuracies close to 100%.
    Original languageUndefined
    Title of host publicationProceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
    Place of PublicationUSA
    Number of pages4
    ISBN (Print)978-3-901882-76-0
    Publication statusPublished - May 2015
    Event14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015: Integrated Management in the Age of Big Data - Shaw Centre, Ottawa, Canada
    Duration: 11 May 201515 May 2015
    Conference number: 14

    Publication series

    PublisherIEEE Communications Society


    Conference14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015
    Abbreviated titleIM 2015
    Internet address


    • EWI-26079
    • IR-96980
    • METIS-312637

    Cite this