httpHunting: An IBR Approach to Filtering Dangerous HTTP Traffic

  • F. Fdez-Riverola
  • L. Borrajo
  • R. Laza
  • F. J. Rodríguez
  • D. Martínez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4065)


Recently, there has been significant interest in applying artificial intelligence techniques to intrusion detection problem. To find the solution to the difficulties in acquiring and representing existing knowledge in almost systems, we proposed a novel instance-based intrusion detection system called httpHunting. It will provide a framework to intrusion detection problem, incorporating several artificial intelligence techniques that help to overcome some of those limitations. httpHunting is able to classify in real time, traffic data arriving at the network interface of the host that is protecting, detecting anomalous traffic patterns. From our initial experiments, we can conclude that there are important key benefits of such an approach to network traffic-filtering domain.


Intrusion Detection Intrusion Detection System Artificial Neuronal Network Intrusion Scenario National Computer Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Esmaili, M., Balachandran, B., Safavi-Naini, R., Pieprzyk, J.: Case-Based Reasoning for Intrusion Detection, 1063-9527/96. IEEE (1996)Google Scholar
  2. 2.
    Roesch, M.: Snort-—lightweight intrusion detection for networks. In: Proceedings of USENIX LISA 1999, USENIX Association, Berkeley, pp. 229–238 (1999), Also available online at:
  3. 3.
    Paxson, V.: Bro: A system for detecting network intruders in real-time. In: Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, pp. 31–51. USENIX Association, Berkeley (1998)Google Scholar
  4. 4.
    Vigna, G., Kemmerer, R.A.: NetSTAT: A network-based intrusion detection system. Journal of Computer Security 7(1), 37–71 (1999)Google Scholar
  5. 5.
    Denning, D.E., Neumann, P.C.: Requirements and models for IDES - A real-time intrusion detection system. Tech. Rep., CSL, SRI International (1985)Google Scholar
  6. 6.
    Teng, H.S.: An expert system approach to security inspection of a VAXNMS system in a network environment. In: Proceedings of the 10th National Computer Security Conference, Baltimore (1987)Google Scholar
  7. 7.
    Lunt, T.E.: IDES: An intelligent system for detecting intruders. In: Proceedings of the Symposium: Computer Security, Threat and Countermeasures, Rome, Italy (1990)Google Scholar
  8. 8.
    Hubbards, B., Haley, T., McAuliffe, N., Schaefer, L., Kelem, N., Walcott, D., Feiertag, R., Schaefer, M.: Computer system intrusion detection. Tech. Rep. RADC-TR-90-4 13, Final Technical Report. Trusted Information Systems, Inc. (1990)Google Scholar
  9. 9.
    Vaccaro, H.S., Liepins, G.E.: Detection of anomalous computer session activity. In: Proceedings of 1989 lEEE Computer Society Symposium on Security and Privacy, Oakland, California, pp. 280–289, 1–3 (1989)Google Scholar
  10. 10.
    Sebring, M.M., Shellhouse, E., Hanna, M.E., Whitehurst, R.A.: Expert systems in intrusion detection: A case study. In: Proceedings of the 11th National Computer Security Conference, pp. 74–81 (1988)Google Scholar
  11. 11.
    Ilgun, K.: USTAT: A Real-time Intrusion Detection System for UNIX. In: Proceedings of the 1993 Computer Society Symposium on Research in Security and Privacy, Oakland, California, pp. 16–28. IEEE Computer Society Press, Los Alamitos (1993)CrossRefGoogle Scholar
  12. 12.
    Sobirey, M., Fischer-Hübner, S., Rannenberg, K.: Pseudonymous Audit for Privacy Enhanced Intrusion Detection. In: Yngström, L., Carlsen, J. (eds.) Information Security in Research and Business, Proceedings of the IFIP TC11 13th International Information Security Conference (SEC 1997). Copenhagen, Denmark, Chapman & Hall, London (1997)Google Scholar
  13. 13.
    Garvey, T.D., Lunt, T.F.: Model based intrusion detection. In: Proceedings of the 14th National Computer Security Conference, pp. 372–385 (1991)Google Scholar
  14. 14.
    Torres, E.: Sistema inmunológico para la detección de intrusos a nivel de protocolo HTTP. Proyecto de grado. Pntificia Universidad Javeriana (Colombia) (2003)Google Scholar
  15. 15.
    Elman, J.: Finding Structure in Time. Cognitive Science 14, 179–211 (1990)CrossRefGoogle Scholar
  16. 16.
    Zahedi, F.: Intelligent Systems for Business: Expert Systems with Neural Networks, Wadsworth, Belmont, CA (1993)Google Scholar
  17. 17.
    Spafford, E.H., Zamboni, D.: Intrusion detection using autonomous agents. Computer Networks 34(4), 547–570 (2000)CrossRefGoogle Scholar
  18. 18.
    Kolodner, J.: Case-Based Reasoning. Morgan Kaufmann, San Mateo (1993)Google Scholar
  19. 19.
    Esmaili, M., Safavi-Naini, R., Balachandran, B.M.: Autoguard: A continuous case-based intrusion detection system. In: Twentieth Australasian Computer Science Conference (1997)Google Scholar
  20. 20.
    Schwartz, D.G., Stoecklin, S., Yilmaz, E.: A Case-Based Approach to Network Intrusion Detection. In: Fifth International Conference on Information Fusion, IF 2002, Annapolis, MD, July 7-11, pp. 1084–1089 (2002)Google Scholar
  21. 21.
    Guha, R., Kachirski, O., Schwartz, D.G., Stoecklin, S., Yilmaz, E.: Case-based agents for packet-level intrusion detection in ad hoc networks. In: ISCIS XVII Seventeenth International Symposium on Computer and Information Sciences, Orlando, Florida, October 28-30 (2002)Google Scholar
  22. 22.
    Facca, F.M., Lanzi, P.M.: Mining interesting knowledge from weblogs: a survey. Data & Knowledge Engineering 53(3), 225–241 (2005)CrossRefGoogle Scholar
  23. 23.
    Witten, I., Frank, E.: Data Mining: Practical Machine Learning Tools and Techniques with Java Implementations. Edt. Morgan Kaufmann, San Francisco (1999)Google Scholar
  24. 24.
    Jain, A.K., Murty, M.N., Flynn, P.J.: Data clustering: A review. ACM Computing Surveys 31(3), 264–323 (1999)CrossRefGoogle Scholar
  25. 25.
    Graepel, T.: Statistical physics of clustering algortihms. Technical Report 171822, FB Physik, Institut fur Theoretische Physic (1998)Google Scholar
  26. 26.
    Jain, A.K., Dubes, R.C.: Algorithms for clustering data. Prentice-Hall advanced reference series. Prentice-Hall, Inc., NJ (1988)zbMATHGoogle Scholar
  27. 27.
    Gruber, T.: Towards Principles for the Design of Ontologies Used for Knowledge Sharing. International Journal of Human and Computer Studies 43(5/6) (1994)Google Scholar
  28. 28.
    Undercoffer, J., Joshi, A., Finin, T., Pinkston, J.: A Target-Centric Ontology for Intrusion Detection. In: 18th International Joint Conference on Artificial Intelligence, Acapulco, Mexico (2004)Google Scholar
  29. 29.
    Mirkovic, J., Reiher, P.: A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms. ACM SIGGCOM Computer Comunications Reviews 34(2) (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • F. Fdez-Riverola
    • 1
  • L. Borrajo
    • 1
  • R. Laza
    • 1
  • F. J. Rodríguez
    • 1
  • D. Martínez
    • 2
  1. 1.Dept. InformáticaUniversity of Vigo, Escuela Superior de Ingeniería Informática, Edificio PolitécnicoOurenseSpain
  2. 2.Supercomputing Center of GaliciaSantiago de Compostela, A CoruñaSpain

Personalised recommendations