The UGR analyses the modelling of the behaviour of the communication networks in hacking detection

The Department of Electronics of the University of Granada (Universidad de Granada [http://www.ugr.es])has published in the international journal Computer Networks a paper suggesting a series of techniques to model the normal traffic in the Internet and identify hackings based on anomalies detection.

Specifically, the techniques have been focused on the protocol HTTP “with which more than 70% of the network activity works, such as the main trade services of the web”, Juan Manuel Estévez Tapiador, author of the paper together with Pedro García Teodoro and Jesús Díaz Verdejo, points out.

The work has developed in two phases: statistical analysis of normal and hostile traffic and proposal of a new approach to detect attacks in HTTP traffic. The first stage is useful to define statistically, by means iof techniques such as Markov chains, a notion of the normal behaviour of a network and the later detection of anomalous happenings when operating. “In general, the concept of attack is not well defined unless we start from a security policy, established by the system administrator to keep the control of the network”, Estévez says.

The idea is to design warnings as counter-measures to tackle the threats of the Internet. These works mean an improvement of present IDS. They are softwares (computer programs) capable of monitoring everything happening in the Internet, such as users' requests addressed to web servers. Definitely, everything that enters or leaves the Internet, identifying if it keeps with the normal activity or there is somebody trying to violate the security system.

Doctoral thesis

The Department of Electronics of the UGR has proposed a general methodology to build detectors, including aspects like where they must be placed in the Internet and what kind of information must be supervised. The article starts from a theoretical review of previous contributions carried out by a research group of the University of California on security in the Internet and has opened a door to design new detection techniques, the topic of Estévez Tapiador's doctoral thesis, read in 2004.