A First Look at HTTP(S) Intrusion Detection using NetFlow/IPFIX

Olivier Isaac van der Toorn, R.J. Hofstede, Mattijs Jonker, Anna Sperotto

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    3 Citations (Scopus)
    73 Downloads (Pure)

    Abstract

    Brute-force attacks against Web sites are a common area of concern, both for Web site owners and hosters. This is mainly due to the impact of potential compromises resulting therefrom, and the increased load on the underlying infrastructure. The latter may even result in a Denial-of-Service (DoS). Detecting brute-force attacks — and ultimately mitigating them — is therefore of great importance. In this paper, we take the first step in this direction, by presenting a network-based approach for detecting HTTP(S) dictionary attacks using NetFlow/IPFIX. We have developed a prototype Intrusion Detection System (IDS), released as open-source software, by means of which we can achieve accuracies close to 100%.
    Original language: Undefined
    Title of host publication: Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015)
    Place of Publication: USA
    Publisher: IEEE Communications Society
    Pages: 862-865
    Number of pages: 4
    ISBN (Print): 978-3-901882-76-0
    DOIs: https://doi.org/10.1109/INM.2015.7140395
    Publication status: Published - May 2015
    Event: IFIP/IEEE International Symposium on Integrated Network Management 2015: Integrated Management in the Age of Big Data - Ottawa, Canada
    Duration: 11 May 2015 to 15 May 2015
    http://im2015.ieee-im.org/

    Publication series

    Name
    Publisher: IEEE Communications Society

    Conference

    Conference: IFIP/IEEE International Symposium on Integrated Network Management 2015
    Abbreviated title: IM 2015
    Country: Canada
    City: Ottawa
    Period: 11/05/15 to 15/05/15
    Internet address

    Keywords

    • EWI-26079
    • IR-96980
    • METIS-312637

    Cite this

    van der Toorn, O. I., Hofstede, R. J., Jonker, M., & Sperotto, A. (2015). A First Look at HTTP(S) Intrusion Detection using NetFlow/IPFIX. In Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM 2015) (pp. 862-865). USA: IEEE Communications Society. https://doi.org/10.1109/INM.2015.7140395