Analysis of Approaches to Detecting Attacks in Encrypted Traffic
Abstract
The automatic detection of network intrusions has been under active study since the 1980s. Of particular interest is the detection of attacks in encrypted web traffic, whose share of Internet traffic continues to grow.
The purpose of this article is to analyze possible approaches to detecting attacks in encrypted web traffic. Section 3 analyzes approaches based on unencrypted metadata as well as on alternative cryptosystems. The two main methods of web traffic control are the signature method (rule-based) and the behavioral method (anomaly-based). Analyzing encrypted traffic is a non-trivial task, and it is considered here in the context of the second approach.
The article discusses machine learning methods suited to encrypted traffic analysis, taking into account existing practice in anomaly-based attack detection. Despite the great potential of cryptographic methods, the most practical approach at present is the analysis of metadata. Secure multi-party computation, which allows the packet payload to be analyzed without re-encrypting it under an alternative cryptosystem, is also very promising.
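As an added illustration of the metadata-based approach the abstract favours (example code, not from the article): the fields of a TLS ClientHello stay in cleartext even though the application payload is encrypted, so an inspector can turn them into features (offered cipher suites, extensions, SNI) without holding any key. The ClientHello is constructed inside the block, and the legacy-suite watch-list is an assumed illustration, not a published threshold.

```python
import struct

def build_client_hello(version, cipher_suites, sni=None):
    """Assemble a minimal TLS ClientHello record (constructed sample, not a capture)."""
    ext = b""
    if sni is not None:                      # server_name extension (type 0)
        name = sni.encode()
        name_list = b"\x00" + struct.pack("!H", len(name)) + name
        ext = struct.pack("!HHH", 0, len(name_list) + 2, len(name_list)) + name_list
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", version) + b"\x11" * 32 + b"\x00"      # version, random, no session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # suites, null compression only
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Read the unencrypted handshake metadata an inspector sees without any key."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake/ClientHello record")
    p = 9                                    # record header (5) + handshake header (4)
    version = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    p += 32                                  # client random
    p += 1 + record[p]                       # session id
    n = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    suites = [struct.unpack("!H", record[i:i + 2])[0] for i in range(p, p + n, 2)]; p += n
    p += 1 + record[p]                       # compression methods
    ext_len = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    end, extensions, sni = p + ext_len, [], None
    while p < end:
        etype, elen = struct.unpack("!HH", record[p:p + 4]); p += 4
        extensions.append(etype)
        if etype == 0:                       # server_name: list length, name type, name length, name
            nlen = struct.unpack("!H", record[p + 3:p + 5])[0]
            sni = record[p + 5:p + 5 + nlen].decode()
        p += elen
    return {"version": version, "cipher_suites": suites, "extensions": extensions, "sni": sni}

# Assumed watch-list for illustration: RC4, 3DES and RSA-key-exchange CBC suites.
LEGACY_SUITES = {0x0004, 0x0005, 0x000a, 0x002f, 0x0035}

def metadata_features(record):
    """Feature vector of the kind a metadata-based classifier consumes; no payload is touched."""
    m = parse_client_hello(record)
    total = max(1, len(m["cipher_suites"]))
    return {"legacy_version": m["version"] < 0x0303,
            "n_suites": len(m["cipher_suites"]),
            "legacy_suite_ratio": sum(s in LEGACY_SUITES for s in m["cipher_suites"]) / total,
            "has_sni": m["sni"] is not None,
            "n_extensions": len(m["extensions"])}
```

Such per-flow features, together with packet lengths and timings, are what an anomaly detector can be trained on when the payload itself is unavailable.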

This work is licensed under a Creative Commons Attribution 4.0 International License.
