Combating against attacks on encrypted protocols

Zubair Md Fadlullah, Tarik Taleb, Nirwan Ansari, Kazuo Hashimoto, Yutake Miyake, Yoshiaki Nemoto, Nei Kato

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Attacks against encrypted protocols are becoming increasingly popular. They pose a serious challenge to the conventional Intrusion Detection Systems (IDSs) which heavily rely on inspecting the network packet fields and are consequently unable to monitor encrypted sessions. IDSs can be broadly categorized into two types: signature-based and anomaly-based IDSs. The signature-based IDSs rely on previous attack signatures but are often ineffective against new attacks. On the other hand, anomaly-based detection systems depend on detecting the change in the protocol behavior caused by an attack. The latter can be employed to detect novel attacks, and therefore are often preferred over their signature-based counterpart. In this paper, we envision an anomaly-based IDS which can detect attacks against popular encrypted protocols, such as SSH and SSL. The proposed system creates a normal behavior profile and uses nonparametric Cusum algorithm to detect deviation from the normal profile. Upon detecting an anomaly, the proposed mechanism generates an alert, sets a delay to the protocol response, and traces back the attacker. The effectiveness of the proposed detection scheme is verified via simulations.

Original language: English
Title of host publication: IEEE International Conference on Communications
Pages: 1211-1216
Number of pages: 6
DOI: https://doi.org/10.1109/ICC.2007.205
Publication status: Published - 2007
Externally published: Yes
Event: 2007 IEEE International Conference on Communications, ICC'07 - Glasgow, Scotland
Duration: 2007 Jun 24 to 2007 Jun 28

Other

Other: 2007 IEEE International Conference on Communications, ICC'07
City: Glasgow, Scotland
Period: 07/6/24 to 07/6/28

Fingerprint

Intrusion detection
Packet networks

ASJC Scopus subject areas

  • Media Technology

Cite this

Fadlullah, Z. M., Taleb, T., Ansari, N., Hashimoto, K., Miyake, Y., Nemoto, Y., & Kato, N. (2007). Combating against attacks on encrypted protocols. In IEEE International Conference on Communications (pp. 1211-1216). [4288876] https://doi.org/10.1109/ICC.2007.205

@inproceedings{a127649871d44d7b9392a7988f94a688,
title = "Combating against attacks on encrypted protocols",
abstract = "Attacks against encrypted protocols are becoming increasingly popular. They pose a serious challenge to the conventional Intrusion Detection Systems (IDSs) which heavily rely on inspecting the network packet fields and are consequently unable to monitor encrypted sessions. IDSs can be broadly categorized into two types: signature-based and anomaly-based IDSs. The signature-based IDSs rely on previous attack signatures but are often ineffective against new attacks. On the other hand, anomaly-based detection systems depend on detecting the change in the protocol behavior caused by an attack. The latter can be employed to detect novel attacks, and therefore are often preferred over their signature-based counterpart. In this paper, we envision an anomaly-based IDS which can detect attacks against popular encrypted protocols, such as SSH and SSL. The proposed system creates a normal behavior profile and uses nonparametric Cusum algorithm to detect deviation from the normal profile. Upon detecting an anomaly, the proposed mechanism generates an alert, sets a delay to the protocol response, and traces back the attacker. The effectiveness of the proposed detection scheme is verified via simulations.",
author = "Fadlullah, {Zubair Md} and Tarik Taleb and Nirwan Ansari and Kazuo Hashimoto and Yutake Miyake and Yoshiaki Nemoto and Nei Kato",
year = "2007",
doi = "10.1109/ICC.2007.205",
language = "English",
isbn = "1424403537",
pages = "1211--1216",
booktitle = "IEEE International Conference on Communications",

}

TY - GEN

T1 - Combating against attacks on encrypted protocols

AU - Fadlullah, Zubair Md

AU - Taleb, Tarik

AU - Ansari, Nirwan

AU - Hashimoto, Kazuo

AU - Miyake, Yutake

AU - Nemoto, Yoshiaki

AU - Kato, Nei

PY - 2007

Y1 - 2007

N2 - Attacks against encrypted protocols are becoming increasingly popular. They pose a serious challenge to the conventional Intrusion Detection Systems (IDSs) which heavily rely on inspecting the network packet fields and are consequently unable to monitor encrypted sessions. IDSs can be broadly categorized into two types: signature-based and anomaly-based IDSs. The signature-based IDSs rely on previous attack signatures but are often ineffective against new attacks. On the other hand, anomaly-based detection systems depend on detecting the change in the protocol behavior caused by an attack. The latter can be employed to detect novel attacks, and therefore are often preferred over their signature-based counterpart. In this paper, we envision an anomaly-based IDS which can detect attacks against popular encrypted protocols, such as SSH and SSL. The proposed system creates a normal behavior profile and uses nonparametric Cusum algorithm to detect deviation from the normal profile. Upon detecting an anomaly, the proposed mechanism generates an alert, sets a delay to the protocol response, and traces back the attacker. The effectiveness of the proposed detection scheme is verified via simulations.

UR - http://www.scopus.com/inward/record.url?scp=38549179979&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38549179979&partnerID=8YFLogxK

U2 - 10.1109/ICC.2007.205

DO - 10.1109/ICC.2007.205

M3 - Conference contribution

SN - 1424403537

SN - 9781424403530

SP - 1211

EP - 1216

BT - IEEE International Conference on Communications

ER -