Generally, a proxy server is a computer network service that allows client applications, such as a Web browser, to make indirect network connections to other network services. Typically, a client computer connects to the proxy server and then requests a connection, file, or other resource available on a remote Internet server. The proxy provides the resource, possibly by connecting to the remote Internet server, or by serving it from a cache.
Over the years, enterprises have used proxy servers within their Intranets to provide end-users with access to the Internet. Use of proxy servers by end-users, however, has unwittingly increased the likelihood of a network attack on organizational Intranets. For example, end-user Internet activity may unknowingly access applications, such as malware—software designed to take over and/or damage a computer's operating system, spyware—software designed to intercept or take partial control of a computer's operation, and botnets—a collection of software robots that run autonomously on one or more computers, all of which utilize web proxy servers to bypass corporate network controls and cause Intranet disruption. In many instances, these applications are encrypted and not visible to security analysis tools.
As a result, there is a need for an efficient technique to detect end-user Internet activity that may compromise the network security of enterprises.