Behavior-based intrusion detection in encrypted environments

Koch, Robert; Golling, Mario; Rodosek, Gabi Dreo

doi:10.1109/mcom.2014.6852093

Cited by 24 publications

(11 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our review, we observed that quite a large number of countermeasures are either not evaluated at all ( [23], [40], [45] , [48] , [49] , [62] , [75] , [88] , [91] , [67] , [92] , [105] , [110], [111], [114], [137], [141], [154], , [160], [174], , [175]) or evaluated weakly ( [60], [70], [100], [109], [132], [138], [147], [158], [161], [165], [171]). We consider an evaluation as weak evaluation when the system is evaluated with a small dataset (e.g.…”

Section: Discussionmentioning

confidence: 99%

“…We consider an evaluation as weak evaluation when the system is evaluated with a small dataset (e.g. [132], [138], [147], [171]), or just one type of data (e.g. [70], [100], [165]), or restricted to a specific case (e.g.…”

Section: Discussionmentioning

confidence: 99%

“…Koch et al [138] present a behaviour-based intrusion detection system for encrypted environments. Unlike traditional intrusion detection systems that require some signature database or learning process, this approach uses the concept of majority decision, which means statistics in the majority for a certain feature (delay between packets or number of packets) are considered benign traffic while those in minority are considered malicious.…”

Section: Unsupervised Modementioning

confidence: 99%

See 2 more Smart Citations

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

104

View full text Add to dashboard Cite

Context: One of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing number of data exfiltration incidents, a large number of data exfiltration countermeasures have been developed. These countermeasures aim to detect, prevent, or investigate exfiltration of sensitive or private data. With the growing interest in data exfiltration, it is important to review data exfiltration attack vectors and countermeasures to support future research in this field. Objective: This paper is aimed at identifying and critically analysing data exfiltration attack vectors and countermeasures for reporting the status of the art and determining gaps for future research. Method: We have followed a structured process for selecting 108 papers from seven publication databases. Thematic analysis method has been applied to analyse the extracted data from the reviewed papers. Results: We have developed a classification of (1) data exfiltration attack vectors used by external attackers and (2) the countermeasures in the face of external attacks. We have mapped the countermeasures to attack vectors. Furthermore, we have explored the applicability of various countermeasures for different states of data (i.e., in use, in transit, or at rest). Conclusion: This review has revealed that (a) most of the state of the art is focussed on preventive and detective countermeasures and significant research is required on developing investigative countermeasures that are equally important; (b) Several data exfiltration countermeasures are not able to respond in real-time, which specifies that research efforts need to be invested to enable them to respond in real-time (c) A number of data exfiltration countermeasures do not take privacy and ethical concerns into consideration, which may become an obstacle in their full adoption (d) Existing research is primarily focussed on protecting data in 'in use' state, therefore, future research needs to be directed towards securing data in 'in rest' and 'in transit' states (e) There is no standard or framework for evaluation of data exfiltration countermeasures. We assert the need for developing such an evaluation framework.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Unsupervised Modementioning

confidence: 99%

See 1 more Smart Citation

Data exfiltration: A review of external attack vectors and countermeasures

Ullah

Edwards

Ramdhany

et al. 2018

Journal of Network and Computer Applications

104

View full text Add to dashboard Cite

show abstract

“…In this section, we evaluate the proposed PLIDS in terms of its ability to differentiate between friendly and hostile communication. Based on a confusion matrix, the following four types of alarms can be generated: 1)True Positive T + when PLIDS correctly detects physical‐layer intrusion. 2)True Negative T − when PLIDS correctly detects no intrusion. 3)False Positive F + when PLIDS incorrectly detects physical‐layer intrusion. 4)False Negative F − when PLIDS incorrectly detects no intrusion. …”

Section: Performance Evaluation and Analysismentioning

confidence: 99%

Physical‐layer intrusion detection system for smart jamming attacks

Yousaf

Loan

Babiceanu

et al. 2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

In modern electronic warfare, physical-layer security threats have evolved from traditional jammers to smart jammers. Smart jammers, due to their stealthy nature, make wireless communication systems vulnerable. They can easily deceive a detection system. In this paper, a physical-layer intrusion detection system (PLIDS) for direct-sequence spread-spectrum systems is developed against smart jammers, which is efficient due to its high detection rates, usability, and accuracy. Smart jamming noise is modeled as wide-sense stationary, additive, and colored. This random process is decomposed into a series expansion of independent and uncorrelated random variables. The decomposition helps in designing a signal processing algorithm for PLIDS. The algorithm is easily implemented via correlators. PLIDS is evaluated using a simulated electronic warfare environment, and its performance is measured in terms of detection capability, precision, and accuracy. It performs error-free detection by adjusting its tuning parameter. Moreover, different performance tradeoffs are observed for different values of the tuning parameter. Finally, comparisons of PLIDS are done with competitive intrusion detection systems.

show abstract

“…The key challenge is to reliably differentiate between legitimate users and attack traffic. There are two standard approaches used by Intrusion Detection Systems (IDS), these are knowledge-based intrusion detection and behaviour-based intrusion detection [20].…”

Section: A Intrusion Detectionmentioning

confidence: 99%

Intrusion Detection and Countermeasure of Virtual Cloud Systems - State of the Art and Current Challenges

Carlin¹,

Hammoudeh²,

Aldabbas³

2015

ijacsa

View full text Add to dashboard Cite

Abstract-Clouds are distributed Internet-based platforms that provide highly resilient and scalable environments to be used by enterprises in a multitude of ways. Cloud computing offers enterprises technology innovation that business leaders and IT infrastructure managers can choose to apply based on how and to what extent it helps them fulfil their business requirements. It is crucial that all technical consultants have a rigorous understanding of the ramifications of cloud computing as its influence is likely to spread the complete IT landscape. Security is one of the major concerns that is of practical interest to decision makers when they are making critical strategic operational decisions. Distributed Denial of Service (DDoS) attacks are becoming more frequent and effective over the past few years, since the widely publicised DDoS attacks on the financial services industry that came to light in September and October 2012 and resurfaced in the past two years. In this paper, we introduce advanced cloud security technologies and practices as a series of concepts and technology architectures, from an industry-centric point of view. This is followed by classification of intrusion detection and prevention mechanisms that can be part of an overall strategy to help understand identify and mitigate potential DDoS attacks on business networks. The paper establishes solid coverage of security issues related to DDoS and virtualisation with a focus on structure, clarity, and well-defined blocks for mainstream cloud computing security solutions and platforms. In doing so, we aim to provide industry technologists, who may not be necessarily cloud or security experts, with an effective tool to help them understand the security implications associated with cloud adoption in their transition towards more knowledge-based systems.

show abstract

Behavior-based intrusion detection in encrypted environments

Cited by 24 publications

References 8 publications

Data exfiltration: A review of external attack vectors and countermeasures

Data exfiltration: A review of external attack vectors and countermeasures

Physical‐layer intrusion detection system for smart jamming attacks

Intrusion Detection and Countermeasure of Virtual Cloud Systems - State of the Art and Current Challenges

Contact Info

Product

Resources

About