BlindIDS: Market-Compliant and Privacy-Friendly Intrusion Detection System over Encrypted Traffic

Sébastien Canard, Aïda Diop, Nizar Kheir, Marie Paindavoine, M. Sabt
{"title":"BlindIDS: Market-Compliant and Privacy-Friendly Intrusion Detection System over Encrypted Traffic","authors":"Sébastien Canard, Aïda Diop, Nizar Kheir, Marie Paindavoine, M. Sabt","doi":"10.1145/3052973.3053013","DOIUrl":null,"url":null,"abstract":"The goal of network intrusion detection is to inspect network traffic in order to identify threats and known attack patterns. One of its key features is Deep Packet Inspection (DPI), that extracts the content of network packets and compares it against a set of detection signatures. While DPI is commonly used to protect networks and information systems, it requires direct access to the traffic content, which makes it blinded against encrypted network protocols such as HTTPS. So far, a difficult choice was to be made between the privacy of network users and security through the inspection of their traffic content to detect attacks or malicious activities. This paper presents a novel approach that bridges the gap between network security and privacy. It makes possible to perform DPI directly on encrypted traffic, without knowing neither the traffic content, nor the patterns of detection signatures. The relevance of our work is that it preserves the delicate balance in the security market ecosystem. Indeed, security editors will be able to protect their distinctive detection signatures and supply service providers only with encrypted attack patterns. In addition, service providers will be able to integrate the encrypted signatures in their architectures and perform DPI without compromising the privacy of network communications. Finally, users will be able to preserve their privacy through traffic encryption, while also benefiting from network security services. The extensive experiments conducted in this paper prove that, compared to existing encryption schemes, our solution reduces by 3 orders of magnitude the connection setup time for new users, and by 6 orders of magnitude the consumed memory space on the DPI appliance.","PeriodicalId":20540,"journal":{"name":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","volume":"35 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2017-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"51","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3052973.3053013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 51

Abstract

The goal of network intrusion detection is to inspect network traffic in order to identify threats and known attack patterns. One of its key features is Deep Packet Inspection (DPI), that extracts the content of network packets and compares it against a set of detection signatures. While DPI is commonly used to protect networks and information systems, it requires direct access to the traffic content, which makes it blinded against encrypted network protocols such as HTTPS. So far, a difficult choice was to be made between the privacy of network users and security through the inspection of their traffic content to detect attacks or malicious activities. This paper presents a novel approach that bridges the gap between network security and privacy. It makes possible to perform DPI directly on encrypted traffic, without knowing neither the traffic content, nor the patterns of detection signatures. The relevance of our work is that it preserves the delicate balance in the security market ecosystem. Indeed, security editors will be able to protect their distinctive detection signatures and supply service providers only with encrypted attack patterns. In addition, service providers will be able to integrate the encrypted signatures in their architectures and perform DPI without compromising the privacy of network communications. Finally, users will be able to preserve their privacy through traffic encryption, while also benefiting from network security services. The extensive experiments conducted in this paper prove that, compared to existing encryption schemes, our solution reduces by 3 orders of magnitude the connection setup time for new users, and by 6 orders of magnitude the consumed memory space on the DPI appliance.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
盲点:市场兼容和隐私友好的加密流量入侵检测系统
网络入侵检测的目标是检查网络流量,以识别威胁和已知的攻击模式。它的关键特性之一是深度包检测(DPI),它提取网络数据包的内容,并将其与一组检测签名进行比较。虽然DPI通常用于保护网络和信息系统,但它需要直接访问流量内容,这使得它对HTTPS等加密网络协议视而不见。迄今为止,通过对网络用户的流量内容进行检查来检测攻击或恶意活动,在用户隐私和安全之间做出了艰难的选择。本文提出了一种弥合网络安全和隐私之间鸿沟的新方法。它可以在不知道流量内容和检测签名模式的情况下直接对加密流量执行DPI。我们工作的意义在于,它保持了证券市场生态系统的微妙平衡。事实上,安全编辑器将能够保护其独特的检测签名,并仅向服务提供者提供加密的攻击模式。此外,服务提供商将能够在其体系结构中集成加密签名,并在不损害网络通信隐私的情况下执行DPI。最后,用户将能够通过流量加密保护他们的隐私,同时也受益于网络安全服务。本文进行的大量实验证明,与现有的加密方案相比,我们的解决方案将新用户的连接建立时间减少了3个数量级,并将DPI设备上消耗的内存空间减少了6个数量级。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security How Discover a Malware using Model Checking Localization of Spoofing Devices using a Large-scale Air Traffic Surveillance System CoverUp: Privacy Through "Forced" Participation in Anonymous Communication Networks Session details: Password & Auth 1
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1