The week's pick
Reseach Article
A Rule based Http Anomaly Classifier
| International Journal of Computer Applications |
| Foundation of Computer Science (FCS), NY, USA |
| Volume 106 - Number 16 |
| Year of Publication: 2014 |
| Authors: Sandeep Sahu, Amit Kumar Dewangan |
10.5120/18606-9901
|
Sandeep Sahu, Amit Kumar Dewangan . A Rule based Http Anomaly Classifier. International Journal of Computer Applications. 106, 16 ( November 2014), 32-37. DOI=10.5120/18606-9901
Abstract
Ever since the inception of internet network security has been the prime important area of research for computer scientists. Network security using Honeypot presents a system that pretends to have one or more network vulnerabilities that a blackhat is looking for. Actually it does not have those vulnerabilities; it does so just to deceive the intruder by stealthily monitoring the network. Honeypots are emerging technology and have got lot of attention of late. In this research work, our system uses the advantages of Honeypot for implementing an intrusion detection system. There are two major part of our research work. First is data accumulator and second is data analyzer. For data accumulation, we have used honeypot. We have also used open source tool Honeyd which is available free of cost. Honeyd is a powerful tool which can simulate even complex networks very easily. Second part is data analyzer which analyzes data captured by the Honeyd. This part of the system is basically a java based Intrusion detection system which can work along honeyd system. This is a basic pattern based IDS which uses snort rule base to detect intrusion. It is a feature rich data analyzer which can detect intrusion. Function of the system is quite simple it reads the data logged by the honeypot system and looks for intrusion pattern of rule base into the packets. This analyzer can work in both offline and online mode; in online mode it reads data directly from the network interface card while in offline mode it reads data from binary files (tcpdump) which also gives it an advantage that it can analyze data from other resources as well.
References
- Dustin Lee, Jeff Rowe, Calvin Ko, Karl Levitt, "Detecting and Defending against Web-Server Fingerprinting",IEEE Computer Society , PP. 321-330, 2002.
- R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang and S. Zhou"Specification-based Anomaly Detection : A New Approach for Detecting Network Intrusions",ACM 1-58113-612-9/02/0011, PP. 18-22 , 2002.
- Talasila Vamsidhar, Reddyboina Ashok and RayalaVenkat, "Intrusion Detection System for Web Application With Attack Classification" , Journal of Global Research in Computer Science ,Volume 3, No. 12, PP. 44-50, 2012.
- V. Jyothsna,V. V. Rama Prasad ,K. Munivara Prasad , "A Review of Anomaly based Intrusion Detection Systems", International Journal of Computer Applications, Volume 28– No. 7, PP. 26-35, 2011.
- Juan M. Estevez-Tapiador, Pedro Garcia-Teodoro, Jesus E. D?az-Verdejo "Measuring normality in HTTP traffic for anomaly-based intrusion detection", Elsevier Computer Networks, Volume 45, PP. 175–193 , 2004.
- Niels Provos , "Honeyd: A Virtual Honeypot Daemon ", Center for InformationTechnology Integration University of Michigan.
Index Terms
Keywords