Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set
Result identifiers
Result code in IS VaVaI
RIV/63839172:_____/21:10133370 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F21%3A10133370)
Result on the web
https://ieeexplore.ieee.org/document/9375998
DOI - Digital Object Identifier
10.1109/CCWC51732.2021.9375998 (http://dx.doi.org/10.1109/CCWC51732.2021.9375998)
Alternative languages
Result language
English
Title in the original language
Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set
Result description in the original language
This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the rising usage of encryption makes it more difficult to detect attacks on the network level. In our research, we created a dataset, which consists of 1.8 million extended IP flows from a backbone network combined with IP flows generated with three popular open-source brute-forcing tools. We identified a distinctive packet-level feature set and trained a machine-learning classifier with a false positive rate of 10^-4 and a true positive rate (the ratio of discovered attacks) of 0.938. The achieved results surpass the state-of-the-art solutions and show that the developed HTTPS brute-force detection algorithm is viable for production deployment.
Classification
Type
D - Article in proceedings
CEP field
—
OECD FORD field
20202 - Communication engineering and systems
Result linkages
Project
—
Linkages
R - EC Framework Programme project
Other
Year of implementation
2021
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Title of the article in the proceedings
11th Annual Computing and Communication Workshop and Conference (CCWC2021)
ISBN
978-1-66541-490-6
ISSN
—
e-ISSN
—
Number of pages
9
Pages from-to
114-122
Publisher name
IEEE
Place of publication
Piscataway, USA
Event location
Las Vegas, United States of America
Event date
27. 1. 2021
Event type by nationality
WRD - Worldwide event
UT WoS code of the article
000668575500019