Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set

Luxemburk, Jan; Hynek, Karel; Čejka, Tomáš

doi:10.1109/ccwc51732.2021.9375998

Cited by 11 publications

(8 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The behavior-based features are focused on describing the specific set of behaviors of the SFTS. The set of behavior- [47] 99.19 99.20 -CIC-Bell-DNS [22] Mahdavifar et al [22] 98.9 98.9 -Zebin et al [21] 99.98 99.91 -CIC-DoHBrw-2020 [8] MontazeriShatoori [8] -99.30 -DoH-Real-world [18] Jeřábek et al [9] 97.5 98.7 -HTTPS Brute-force [48] Luxemburk et al [10] 99.93 96.26 -Shafiq et al [49] 99.99 99.99 -Bot-IoT [50] Shafiq et al [51] 99.99 99.99 -Khacha et al [52] 99…”

Section: E Behavior-based Featuresmentioning

confidence: 99%

“…Since flows contain mainly information from packet headers and do not extract the payload, they are not affected by the payload encryption and are the ideal candidate for encrypted traffic monitoring. Many research works [3]- [5], [5]- [10] thus use it together with machine learning for encrypted traffic classification to increase visibility and identify encrypted malicious communication.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Network traffic classification based on periodic behavior detection

Koumar

Čejka

2022

2022 18th International Conference on Network and Service Management (CNSM)

View full text Add to dashboard Cite

Network traffic monitoring using IP flows is used to handle the current challenge of analyzing encrypted network communication. Nevertheless, the packet aggregation into flow records naturally causes information loss; therefore, this paper proposes a novel flow extension for traffic features based on the time series analysis of the Single Flow Time series, i.e., a time series created by the number of bytes in each packet and its timestamp. We propose 69 universal features based on the statistical analysis of data points, time domain analysis, packet distribution within the flow timespan, time series behavior, and frequency domain analysis. We have demonstrated the usability and universality of the proposed feature vector for various network traffic classification tasks using 15 well-known publicly available datasets. Our evaluation shows that the novel feature vector achieves classification performance similar or better than related works on both binary and multiclass classification tasks. In more than half of the evaluated tasks, the classification performance increased by up to 5 %.

show abstract

Section: E Behavior-based Featuresmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Network traffic classification based on periodic behavior detection

Koumar

Čejka

2022

2022 18th International Conference on Network and Service Management (CNSM)

View full text Add to dashboard Cite

show abstract

“…As with many protocols, HTTP and HTTPS protocols also have vulnerabilities. Attackers exploit these vulnerabilities and perform attacks such as Man in the VOLUME X, 2021 Middle (MITM), brute force, Distributed Denial of Service (DDoS), SQL Injection (SQLI), and Cross Site Scripting (XSS) attacks [3].…”

Section: Introductionmentioning

confidence: 99%

“…It has been reported that despite the inherent security measures implemented in HTTPS, information such as web page fingerprints, packet sizes, and timing information are leaked by HTTPS. Attackers, on the other hand, perform brute force attacks to predict the passwords of users with special lists prepared using such information [3].…”

Section: Introductionmentioning

confidence: 99%

“…Recently, Machine Learning (ML) and Deep Learning (DL) techniques in use cases that rely on recognizing patterns have proven themselves as better alternatives for particularly challenging attack detection scenarios. Since malicious attacks are intrinsically repetitive and involve codes that revolve around similar patterns, DL approaches are highly successful in recognizing these patterns [3][4][5][6][7][8][9].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Attack Detection Framework Based on BERT and Deep Learning

2022

View full text Add to dashboard Cite

Deep Learning (DL) and Natural Language Processing (NLP) techniques are improving and enriching with a rapid pace. Furthermore, we witness that the use of web applications is increasing in almost every direction in parallel with the related technologies. Web applications encompass a wide array of use cases utilizing personal, financial, defense, and political information (e.g., wikileaks incident). Indeed, to access and to manipulate such information are among the primary goals of attackers. Thus, vulnerability of the information targeted by adversaries is a vital problem and if such information is captured then the consequences can be devastating, which can, potentially, become national security risks in the extreme cases. In this study, as a remedy to this problem, we propose a novel model that is capable of distinguishing normal HTTP requests and anomalous HTTP requests. Our model employs NLP techniques, Bidirectional Encoder Representations from Transformers (BERT) model, and DL techniques. Our experimental results reveal that the proposed approach achieves a success rate over 99.98% and an F1 score over 98.70% in the classification of anomalous and normal requests. Furthermore, web attack detection time of our model is significantly lower (i.e., 0.4 ms) than the other approaches presented in the literature.

show abstract

Contextual authentication of users and devices using machine learning

Mahansaria,

Roy

2024

Computing

View full text Add to dashboard Cite

Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set

Cited by 11 publications

References 13 publications

Network traffic classification based on periodic behavior detection

Network traffic classification based on periodic behavior detection

An Attack Detection Framework Based on BERT and Deep Learning

Contextual authentication of users and devices using machine learning

Contact Info

Product

Resources

About