Experimenting with an Intrusion Detection System for Encrypted Networks

Published: 01 January 2010

Abstract

Network-based Intrusion Detection Systems (NIDSs) analyse network traffic to detect instances of malicious activity. Typically, this is only possible when the network traffic is accessible for analysis. With the growing use of Virtual Private Networks (VPNs) that encrypt network traffic, the NIDS can no longer access this crucial audit data. In this paper, we present an implementation and evaluation of our approach proposed in Goh et al. (2009). It is based on Shamir's secret-sharing scheme and allows a NIDS to function normally in a VPN without any modifications and without compromising the confidentiality afforded by the VPN.

References

[1] Abimbola, A., Munoz, J.M. and Buchanan, W.J. (2006) 'Nethost-sensor: investigating the capture of end-to-end encrypted intrusive data', Computers and Security, Vol. 25, No. 6, pp.445-451.
[2] Diffie, W. and Hellman, M.E. (1976) 'New directions in cryptography', IEEE Transactions on Information Theory, Vol. 22, No. 6, November, pp.644-654.
[3] Foroushani, V.A., Adibnia, F. and Hojati, E. (2008) 'Intrusion detection in encrypted accesses with SSH protocol to network public servers', International Conference on Computer and Communication Engineering (ICCCE'08), Kuala Lumpur, Malaysia, May, pp.314-318.
[4] Goh, V.T., Zimmermann, J. and Looi, M. (2009) 'Towards intrusion detection for encrypted networks', 4th International Conference on Availability, Reliability and Security (ARES'09), IEEE Computer Society, Fukuoka, Japan, March, pp.540-545.
[5] Joglekar, S.P. and Tate, S.R. (2004) 'Protomon: embedded monitors for cryptographic protocol intrusion detection and prevention', International Conference on Information Technology: Coding and Computing (ITCC'04), IEEE Computer Society, Las Vegas, Nevada, USA, April, pp.81-88.
[6] Kent, S. and Atkinson, R. (1998a) 'RFC 2406: IP encapsulating security payload (ESP)', November.
[7] Kent, S. and Atkinson, R. (1998b) 'RFC 2402: IP authentication header (AH)', November.
[8] Md. Fadlullah, Z., Taleb, T., Ansari, N., Hashimoto, K., Miyake, Y., Nemoto, Y. and Kato, N. (2007) 'Combating against attacks on encrypted protocols', IEEE International Conference on Communications (ICC'07), Glasgow, Scotland, June, pp.1211-1216.
[9] Piccitto, D., Burschka, S. and Urvoy-Keller, G. (2007) Traffic Mining in IP Tunnels, Master's Thesis, Eurecom Institute, Sophia-Antipolis, France, September.
[10] Psyco (2009) http://psyco.sourceforge.net/, electronic document, retrieved 29 January 2008.
[11] Richardson, M.C. and Redelmeier, D.H. (2005) 'RFC 4322: opportunistic encryption using the internet key exchange (IKE)', December.
[12] Roesch, M. (1999) 'Snort - lightweight intrusion detection for networks', 13th Large Installation System Administration Conference (LISA'99), Seattle, Washington, USA, November, pp.229-238.
[13] Shamir, A. (1979) 'How to share a secret', Communications of the ACM, Vol. 22, No. 11, November, pp.612-613.
[14] Tseng, C.H., Wang, S-H., Ko, C. and Levitt, K. (2006) 'DEMEM: distributed evidence-driven message exchange intrusion detection model for MANET', in Zamboni, D. and Krügel, C. (Eds.): 9th International Symposium on Recent Advances in Intrusion Detection (RAID'06), Volume 4219 of Lecture Notes in Computer Science, Springer-Verlag, Hamburg, Germany, September, pp.249-271.
[15] Twisted (2009) http://twistedmatrix.com, electronic document, retrieved 29 January 2008.
[16] Wagner, A., Dübendorfer, T., Hiestand, R., Göldi, C. and Plattner, B. (2006) 'A fast worm scan detection tool for VPN congestion avoidance', in Büschkes, R. and Laskov, P. (Eds.): 3rd International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA'06), Volume 4064 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, Germany, July, pp.181-194.
[17] Yamada, A., Miyake, Y., Takemori, K., Studer, A. and Perrig, A. (2007) 'Intrusion detection for encrypted web accesses', 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07), Niagara Falls, Canada, May, pp.569-576.
[18] Yasinsac, A. and Childs, J. (2001) 'Analyzing internet security protocols', 6th IEEE International Symposium on High Assurance Systems Engineering (HASE'01), IEEE Computer Society, Boca Raton, Florida, USA, October, pp.149-159.

Cited By

• (2018) 'Translating shared state based ebXML BPSS models to WS-BPEL', International Journal of Business Intelligence and Data Mining, Vol. 5, No. 4, pp.398-442, DOI 10.1504/IJBIDM.2010.036126. Online publication date: 15-Dec-2018.
• (2010) 'Security system for encrypted environments (S2E2)', Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection, pp.505-507, DOI 10.5555/1894166.1894209. Online publication date: 15-Sep-2010.


Published In

International Journal of Business Intelligence and Data Mining, Volume 5, Issue 2
January 2010
95 pages
ISSN: 1743-8195
EISSN: 1743-8187

Publisher

Inderscience Publishers, Geneva 15, Switzerland


Author Tags

1. IP security
2. IPsec
3. NIDS
4. SNORT
5. Shamir's secret sharing
6. VPN
7. encrypted networks
8. malicious activity
9. network-based intrusion detection systems
10. virtual private networks
