Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

A Novel Approach to Intrusion Detection in Encrypted Environments


     

   Subscribe/Renew Journal


Nowadays, the Internet is established in numerous areas of everyday life.  In recent years the Internet has evolved in to a critical communication infrastructure that is omnipresent in almost all aspects of daily life. This dependence of modern societies on the Internet has also resulted in more criminals using the Internet for their purposes, causing a steady increase of attacks, both in terms of quantity as well as quality. Attacks against web applications constitute a serious problem. Intrusion Detection Systems (IDSes) are one solution, however, these systems do not work effectively when the accesses are encrypted by protocols. Because the IDSes inspect the contents of a packet, it is difficult to find attacks by the current IDS. This approach applies encrypted traffic analysis to intrusion detection, which analyzes contents of encrypted traffic using only data size and timing without decryption. First, the system extracts information from encrypted traffic, which is a set comprising data size and timing or each web client. Second, the accesses are distinguished based on similarity of the information and access frequencies are calculated. Finally, malicious activities are detected according to rules generated from the frequency. The system does not extract private information or require enormous pre-operation beforehand, which are needed in conventional encrypted traffic analysis. Although research on the detection of attacks has been performed for several decades, today’s systems are not able to cope with modern attack vectors. One of the reasons is the increasing use of encrypted communication that strongly limits the detection of malicious activities. To overcome this shortcoming here present a new behavior-based detection architecture that uses similarity measurements to detect intrusions as well as insider activities like data exfiltration in encrypted environments. Similarity based intrusion and extrusion detection show that the system detects various attacks like SQL injection, DOS, Bruteforce Attacks with a high degree of accuracy.


Keywords

IDS, Encrypted Environment, SQL Injection, DOS, Bruteforce Attacks
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 241

PDF Views: 2




  • A Novel Approach to Intrusion Detection in Encrypted Environments

Abstract Views: 241  |  PDF Views: 2

Authors

Abstract


Nowadays, the Internet is established in numerous areas of everyday life.  In recent years the Internet has evolved in to a critical communication infrastructure that is omnipresent in almost all aspects of daily life. This dependence of modern societies on the Internet has also resulted in more criminals using the Internet for their purposes, causing a steady increase of attacks, both in terms of quantity as well as quality. Attacks against web applications constitute a serious problem. Intrusion Detection Systems (IDSes) are one solution, however, these systems do not work effectively when the accesses are encrypted by protocols. Because the IDSes inspect the contents of a packet, it is difficult to find attacks by the current IDS. This approach applies encrypted traffic analysis to intrusion detection, which analyzes contents of encrypted traffic using only data size and timing without decryption. First, the system extracts information from encrypted traffic, which is a set comprising data size and timing or each web client. Second, the accesses are distinguished based on similarity of the information and access frequencies are calculated. Finally, malicious activities are detected according to rules generated from the frequency. The system does not extract private information or require enormous pre-operation beforehand, which are needed in conventional encrypted traffic analysis. Although research on the detection of attacks has been performed for several decades, today’s systems are not able to cope with modern attack vectors. One of the reasons is the increasing use of encrypted communication that strongly limits the detection of malicious activities. To overcome this shortcoming here present a new behavior-based detection architecture that uses similarity measurements to detect intrusions as well as insider activities like data exfiltration in encrypted environments. Similarity based intrusion and extrusion detection show that the system detects various attacks like SQL injection, DOS, Bruteforce Attacks with a high degree of accuracy.


Keywords


IDS, Encrypted Environment, SQL Injection, DOS, Bruteforce Attacks