The unbridled growth of the Internet and of network-based applications has contributed to enormous security leaks. Even the cryptographic protocols used to provide secure communication are often targeted by diverse attacks. Intrusion detection systems (IDSs) are often employed to monitor network traffic and host activities that may lead to unauthorized access and attacks against vulnerable services. Most conventional misuse-based and anomaly-based IDSs are ineffective against attacks targeting encrypted protocols because they rely heavily on inspecting payload contents. To combat attacks on encrypted protocols, we propose an anomaly-based detection system that uses strategically distributed monitoring stubs (MSs). We have categorized various attacks against cryptographic protocols. By sniffing the encrypted traffic, the MSs extract features for detecting these attacks and construct normal usage behavior profiles. Upon detecting suspicious activity in the form of deviations from these normal profiles, the MSs notify the victim servers, which may then take the necessary actions. In addition to detecting attacks, the MSs can also trace back the originating network of the attack. We call our unique approach DTRAB since it focuses on both Detection and TRAceBack at the MS level. The effectiveness of the proposed detection and traceback methods is verified through extensive simulations and Internet datasets.