Detecting HTTP Tunneling Activities

Abstract

In this paper we present a novel intrusion detection system which makes use of behavior profiles to identify HyperText Transfer Protocol (HTTP) tunneling activities. Behavior profiles correspond to inherent attributes of application network sessions. Our system evaluates network behaviors at two different levels: a local multi-packet level and a session level. When suspicious behavior is detected, a verification module performs a detailed analysis of the corresponding session data. Currently, our system detects both malicious and unauthorized HTTP tunneling activities. Our experimental results show the effectiveness of our system and demonstrate the validity of using packet features for anomaly detection.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2002
Accession Number: ADA529552

Entities

People

  • Daniel J. Pack
  • Robert Cunningham
  • Seth Webster
  • William Streilein

Organizations

  • Massachusetts Institute of Technology

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Anomaly Detection
  • Change Detection
  • Detection
  • Detectors
  • False Alarms
  • Information Assurance
  • Internet
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Networks
  • Quantum Tunneling
  • Training
  • Tunneling
  • Warning Systems

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Computer Networking
  • Cybersecurity