Eva Papadogiannaki, Giorgos Tsirantonakis, S. Ioannidis
{"title":"Network Intrusion Detection in Encrypted Traffic","authors":"Eva Papadogiannaki, Giorgos Tsirantonakis, S. Ioannidis","doi":"10.1109/DSC54232.2022.9888942","DOIUrl":null,"url":null,"abstract":"Traditional signature-based intrusion detection systems inspect packet headers and payloads to report any malicious or abnormal traffic behavior that is observed in the network. With the advent and rapid adoption of network encryption mechanisms, typical deep packet inspection systems that focus only on the processing of network packet payload contents are gradually becoming obsolete. Advancing intrusion detection tools to be also effective in encrypted networks is crucial. In this work, we propose a signature language indicating packet sequences. Signatures detect events of possible intrusions and malicious actions in encrypted networks using packet metadata. We demonstrate the effectiveness of this methodology using different tools for penetrating vulnerable web servers and a public dataset with traffic that originates from IoT malware. We implement the signature language and we integrate it into an intrusion detection system. Using our proposed methodology, the generated signatures can effectively and efficiently report intrusion attempts.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"184 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSC54232.2022.9888942","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
Traditional signature-based intrusion detection systems inspect packet headers and payloads to report any malicious or abnormal traffic behavior that is observed in the network. With the advent and rapid adoption of network encryption mechanisms, typical deep packet inspection systems that focus only on the processing of network packet payload contents are gradually becoming obsolete. Advancing intrusion detection tools to be also effective in encrypted networks is crucial. In this work, we propose a signature language indicating packet sequences. Signatures detect events of possible intrusions and malicious actions in encrypted networks using packet metadata. We demonstrate the effectiveness of this methodology using different tools for penetrating vulnerable web servers and a public dataset with traffic that originates from IoT malware. We implement the signature language and we integrate it into an intrusion detection system. Using our proposed methodology, the generated signatures can effectively and efficiently report intrusion attempts.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
