Experimenting with an Intrusion Detection System for Encrypted Networks
International Journal of Business Intelligence and Data Mining
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
SSHCure: a flow-based SSH intrusion detection system
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
The share of encrypted network traffic is increasing steadily, driven not only by corporate virtual private networks but also by protocols like SSH or SSL in the private sector. Traditional intrusion detection systems (IDS) are not able to cope with encrypted traffic. A few systems are able to handle encrypted lines, but none of them is applicable in general because of changed network protocols, a restricted application range (e.g., only able to find protocol-specific attacks) or very high false alarm rates. We propose a new IDS for non-intrusive, behavior-based intrusion and extrusion detection in encrypted environments.