DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis

Authors:
Zubair M. Fadlullah;Tarik Taleb;Athanasios V. Vasilakos;Mohsen Guizani;Nei Kato
Affiliations:
Graduate School of Information Sciences, Tohoku University, Sendai, Japan;NEC Europe Ltd., Heidelberg, Germany;Department of Computer and Telecommunications Engineering, University of Western Macedonia, Kozani, Greece;Kuwait University, Safat, Kuwait;Graduate School of Information Sciences, Tohoku University, Sendai, Japan
Venue:
IEEE/ACM Transactions on Networking (TON)
Year:
2010

Citing 18
Cited 5

Detection of abrupt changes: theory and application

Detection of abrupt changes: theory and application
Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Towards trapping wily intruders in the large

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Change-Point Monitoring for the Detection of DoS Attacks

IEEE Transactions on Dependable and Secure Computing
You Can Run, But You Can't Hide: An Effective Statistical Methodology to Trace Back DDoS Attackers

IEEE Transactions on Parallel and Distributed Systems
Realistic internet traffic simulation through mixture modeling and a case study

WSC '05 Proceedings of the 37th conference on Winter simulation
Detecting Stepping-Stone with Chaff Perturbations

AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
Intrusion Detection for Encrypted Web Accesses

AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
Remote timing attacks are practical

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Analysis of the SSL 3.0 protocol

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Tracing back attacks against encrypted protocols

IWCMC '07 Proceedings of the 2007 international conference on Wireless communications and mobile computing
SSL/TLS session-aware user authentication - Or how to effectively thwart the man-in-the-middle

Computer Communications
WebSOS: an overlay-based system for protecting web servers from denial of service attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
On IP traceback

IEEE Communications Magazine
Tracing cyber attacks from the practical perspective

IEEE Communications Magazine
Early detection and prevention of denial-of-service attacks: a novel mechanism with propagated traced-back attack blocking

IEEE Journal on Selected Areas in Communications

Signaling game based strategy of intrusion detection in wireless sensor networks

Computers & Mathematics with Applications
Detecting anomalies in backbone network traffic: a performance comparison among several change detection methods

International Journal of Sensor Networks
QoS2: a framework for integrating quality of security with quality of service

Security and Communication Networks
Robust network traffic identification with unknown applications

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

The unbridled growth of the Internet and the network-based applications has contributed to enormous security leaks. Even the cryptographic protocols, which are used to provide secure communication, are often targeted by diverse attacks. Intrusion detection systems (IDSs) are often employed to monitor network traffic and host activities that may lead to unauthorized accesses and attacks against vulnerable services. Most of the conventional misuse-based and anomaly-based IDSs are ineffective against attacks targeted at encrypted protocols since they heavily rely on inspecting the payload contents. To combat against attacks on encrypted protocols, we propose an anomaly-based detection system by using strategically distributed monitoring stubs (MSs). We have categorized various attacks against cryptographic protocols. The MSs, by sniffing the encrypted traffic, extract features for detecting these attacks and construct normal usage behavior profiles. Upon detecting suspicious activities due to the deviations from these normal profiles, the MSs notify the victim servers, which may then take necessary actions. In addition to detecting attacks, the MSs can also trace back the originating network of the attack. We call our unique approach DTRAB since it focuses on both Detection and TRAceBack in the MS level. The effectiveness of the proposed detection and traceback methods are verified through extensive simulations and Internet datasets.