Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F21%3A00346587" target="_blank" >RIV/68407700:21240/21:00346587 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1109/CCWC51732.2021.9375998" target="_blank" >https://doi.org/10.1109/CCWC51732.2021.9375998</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/CCWC51732.2021.9375998" target="_blank" >10.1109/CCWC51732.2021.9375998</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set

Popis výsledku v původním jazyce

This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the rising usage of encryption makes it more difficult to detect attacks on the network level. In our research, we created a dataset, which consists of 1.8 million extended IP flows from a backbone network combined with IP flows generated with three popular open-source brute-forcing tools. We identified a distinctive packet-level feature set and trained a machine-learning classifier with a false positive rate of 10^-4 and a true positive rate (the ratio of discovered attacks) of 0.938. The achieved results surpass the state-of-the-art solutions and show that the developed HTTPS brute-force detection algorithm is viable for production deployment.

Název v anglickém jazyce

Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set

Popis výsledku anglicky

This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the rising usage of encryption makes it more difficult to detect attacks on the network level. In our research, we created a dataset, which consists of 1.8 million extended IP flows from a backbone network combined with IP flows generated with three popular open-source brute-forcing tools. We identified a distinctive packet-level feature set and trained a machine-learning classifier with a false positive rate of 10^-4 and a true positive rate (the ratio of discovered attacks) of 0.938. The achieved results surpass the state-of-the-art solutions and show that the developed HTTPS brute-force detection algorithm is viable for production deployment.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

11th Annual Computing and Communication Workshop and Conference (CCWC2021)

ISBN

978-0-7381-4394-1

ISSN

—

e-ISSN

—

Počet stran výsledku

9

Strana od-do

0115-0123

Název nakladatele

IEEE

Místo vydání

Piscataway (New Jersey)

Místo konání akce

Las Vegas

Datum konání akce

27. 1. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000668575500019