HTTP Packet Inspection Policy for Improvising Internal Network Security

Kuldeep, Tomar; Tyagi, S. S.

doi:10.5815/ijcnis.2014.11.05

Cited by 3 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Service-specific IDSs have been proposed where the anomaly score of a request is calculated using three properties: type of the request, length of the request and payload distribution [9]. Also, many apparoaches regarding web logging and parameter inspection can be found in the literature [10], [11], [12], [13]. Investigation of anomalous activity in HTTP GET requests and the parameters used to pass values to server-side programs were performed in [14].…”

Section: B Related Workmentioning

confidence: 99%

Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

Karuppanchetty¹,

Edmonds²,

Kim³

et al. 2015

IJCNIS

View full text Add to dashboard Cite

Attacks on web servers are becoming increasingly prevalent; the resulting social and economic impact of successful attacks is also exacerbated by our dependency on web-based applications. There are many existing attack detection and prevention schemes, which must be carefully configured to ensure their efficacy. In this paper, we present a study challenges that arise in training network payload anomaly detection schemes that utilize collected network traffic for tuning and configuration. The advantage of anomaly-based intrusion detection is in its potential for detecting zero day attacks. These types of schemes, however, require extensive training to properly model the normal characteristics of the system being protected. Usually, training is done through the use of real data collected by monitoring the activity of the system. In practice, network operators or administrators may run into cases where they have limited availability of such data. This issue can arise due to the system being newly deployed (or heavily modified) or due to the content or behavior that leads to normal characterization having been changed. We show that artificially generated packet payloads can be used to effectively augment the training and tuning. We evaluate the method using real network traffic collected at a server site; We illustrate the problem at first (use of highly variable and unsuitable training data resulting in high false positives of 3.6∼10%), then show improvements using the augmented training method (false positives as low as 0.2%). We also measure the impact on network performance, and present a lookup based optimization that can be used to improve latency and throughput.

show abstract

Section: B Related Workmentioning

confidence: 99%

Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

Karuppanchetty¹,

Edmonds²,

Kim³

et al. 2015

IJCNIS

View full text Add to dashboard Cite

show abstract

“…The use of application program interfaces (APIs) provide high level of interoperability between different kinds of infrastructure, platform and software components. The most popular protocols [5], [6] for data communication over the web [7], [14] are HTTP and HTTPS. There are large number of APIs available now.…”

Section: Introductionmentioning

confidence: 99%

Slow flooding attack detection in cloud using change point detection approach

Singh¹,

Panda²,

Samra³

2018

IJET

View full text Add to dashboard Cite

Cloud computing is one of the high-demand services and prone to numerous types of attacks due to its Internet based backbone. Flooding based attack is one such type of attack over the cloud that exhausts the numerous resources and services of an individual or an enterprise by way of sending useless huge traffic. The nature of this traffic may be of slow or fast type. Flooding attacks are caused by way of sending massive volume of packets of TCP, UDP, ICMP traffic and HTTP Posts. The legitimate volume of traffic is suppressed and lost in traffic flooding traffics. Early detection of such attacks helps in minimization of the unauthorized utilization of resources on the target machine. Various inbuilt load balancing and scalability options to absorb flooding attacks are in use by cloud service providers up to ample extent still to maintain QoS at the same time by cloud service providers is a challenge. In this proposed technique. Change Point detection approach is proposed here to detect flooding DDOS attacks in cloud which are based on the continuous variant pattern of voluminous (flooding) traffic and is calculated by using various traffic data based metrics that are primary and computed in nature. Golden ration is used to compute the threshold and this threshold is further used along with the computed metric values of normal and malicious traffic for flooding attack detection. Traffic of websites is observed by using remote java script.

show abstract

Ameliorate Security by Introducing Security Server in Software Defined Network

Vijila¹,

Raj²

2020

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

HTTP Packet Inspection Policy for Improvising Internal Network Security

Cited by 3 publications

References 15 publications

Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

Slow flooding attack detection in cloud using change point detection approach

Ameliorate Security by Introducing Security Server in Software Defined Network

Contact Info

Product

Resources

About