Decrypting SSL/TLS traffic for hidden threats detection

Радівілова, Тамара; Kirichenko, Lyudmyla; Ageyev, Dmytro; Tawalbeh, Maxim; Bulakh, Vitalii

doi:10.1109/dessert.2018.8409116

Cited by 41 publications

(16 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A qualitative method allows to perform a risk assessment faster, but the estimates and results are more subjective and do not provide a clear picture of the damage, costs and benefits of implementing ISMS [10]. It should be noted that at this time, the main approaches to information technology risk management are based on the requirements of the Information Management and Audit Standard Cobit v.5.0; Risk Management Guidelines for Information Technology NIST 800-30; ISO / IEC 27000 and ISO / IEC 31000 series standards [3], BSI-Standards from IT-Grundschutz, etc.…”

Section: B Qualitative Methodsmentioning

confidence: 99%

Use of Approaches to the Methodology of Factor Analysis of Information Risks for the Quantitative Assessment of Information Risks Based on the Formation of Cause-And-Effect Links

Dobrynin

Радівілова

Maltseva

et al. 2018

2018 International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T)

Self Cite

View full text Add to dashboard Cite

The paper suggests methods to the assessment of information risks, which makes the transition from a qualitative assessment of information risks (according to the factor analysis of information risks methodology) to a quantitative assessment. The development factor analysis of information risks methodology of the methodology was carried out using the mathematical apparatus of probability theory, namely Bayesian networks. A comparative analysis of the standard factor analysis of information risks methodology and the developed methodology using statistical data was carried out. During the analysis, the cause and effect relationships of the confidentiality violation have been formed, defined and given in the corresponding table and in the form of the Ishikawa diagram. As an example, it was calculated the amount of risk the company may be exposed to in case of violation of information confidentiality according to the standard factor analysis of information risks methodology and the developed methodology. It is shown that the use of proposed technique allows quantifying the risk assessment that can be obtained using the factor analysis of information risks methodology.

show abstract

Section: B Qualitative Methodsmentioning

confidence: 99%

Use of Approaches to the Methodology of Factor Analysis of Information Risks for the Quantitative Assessment of Information Risks Based on the Formation of Cause-And-Effect Links

Dobrynin

Радівілова

Maltseva

et al. 2018

2018 International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The proposed strategy was utilized for distant connection eavesdropping, enabling transmitted data to be decrypted in a near real-time mode. There have been two fundamental inspection mechanisms for SSL/TLS traffic, depending on what kind of pertinent information and certificates are obtainable and how the devices are installed on the network [47,48]. Figure 11 is the sample simulation of benign traffic while Figures 12-15 are the sample simulations of Neris botnets, Rbot botnets Donbot botnets and Sogou botnets, respectively.…”

Section: Dataset and Experimental Setupmentioning

confidence: 99%

An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers

et al. 2019

View full text Add to dashboard Cite

In recent years, the botnets have been the most common threats to network security since it exploits multiple malicious codes like a worm, Trojans, Rootkit, etc. The botnets have been used to carry phishing links, to perform attacks and provide malicious services on the internet. It is challenging to identify Peer-to-peer (P2P) botnets as compared to Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets because P2P traffic has typical features of the centralization and distribution. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method by applying machine learning classifiers on features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection to extract the most relevant features and ignore the irrelevant features. At the first layer, we filter non-P2P packets to reduce the amount of network traffic through well-known ports, Domain Name System (DNS). query, and flow counting. The second layer further characterized the captured network traffic into non-P2P and P2P. At the third layer of our model, we reduced the features which may marginally affect the classification. At the final layer, we successfully detected P2P botnets using decision tree Classifier by extracting network communication features. Furthermore, our experimental evaluations show the significance of the proposed method in P2P botnets detection and demonstrate an average accuracy of 98.7%.

show abstract

“…HTTPS response time analysis from network traffic can be based on TLS session data decryption [9], [10], [19]. However, in most networking scenarios, decryption is not possible, and a blind traffic analysis is the only option.…”

Section: Https Analysismentioning

confidence: 99%