In this paper, the problem of measuring normality in HTTP traffic for the purpose of anomaly-based network intrusion detection is addressed. The work carried out is expressed in two steps: first, some statistical analysis of both normal and hostile traffic is presented. The experimental results of this study reveal that certain features extracted from HTTP requests can be used to distinguish an...

Leakage of private information from web applications— even when the traffic is encrypted—is a major security threat to many applications that use HTTP for data delivery. This paper considers the problem of inferring from encrypted HTTP traffic the web sites or web pages visited by a user. Existing browser-side approaches to this problem cannot defend against more advanced attacks, and serversid...

Understanding the nature and structure of web traffic is essential for valid simulations of networking technologies that affect the end-to-end performance of HTTP connections. We provide data suitable for the construction of synthetic web traffic generators and in doing so retrospectively examine the evolution of web traffic. We use a simple and efficient analysis methodology based on the exami...

The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshak...

Web traffic accounts for more than half of Internet traffic today. Camouflaging covert timing channels in Web traffic would be advantageous for concealment. In this paper, we investigate the possibility of disguising network covert timing channels as HTTP traffic to avoid detection. Extensive research has shown that Internet traffic, including HTTP traffic, exhibits self-similarity and long ran...

We discuss the performance effects of using per-transaction TCP connections for HTTP access, and the proposed optimizations of avoiding per-transaction re-connection and TCP slow-start restart overheads. We analyzed the performance penalties of the interaction of HTTP and TCP. Our observations indicate that the proposed optimizations do not affect Web access for the vast majority of users. Most...

abstract—today, botnets have become a serious threat to enterprise networks. by creation of network of bots, they launch several attacks, distributed denial of service attacks (ddos) on networks is a sample of such attacks. such attacks with the occupation of system resources, have proven to be an effective method of denying network services. botnets that launch http packet flood attacks agains...

TDMA based wireless mesh networks have gained prominence as some of the recent standards such as WiMAX and 802.11s have proposed the use of TDMA based MAC protocol for mesh networks. Even though HTTP web browsing traffic constitutes a significant percentage of Internet traffic, but as of yet there have been no attempts to study the performance of HTTP based web browsing traffic in TDMA mesh net...