
AUTHOR

Gil David


Survey: Intrusion Detection Systems in Encrypted Traffic

2016

An intrusion detection system (IDS) traditionally inspects the payload of packets. This approach is not valid for encrypted traffic, because the payload is not available. There are two approaches, with different detection capabilities, to overcome the challenges of encryption: traffic decryption or traffic analysis. This paper presents a comprehensive survey of the research related to IDSs in encrypted traffic. The focus is on traffic analysis, which does not need traffic decryption. One of the major limitations of the surveyed studies is that most of them concentrate on detecting the same limited types of attacks, such as brute force or scanning attacks. Both the …

Keywords: Focus (computing), Traffic analysis, Network packet, Computer science, Computer-communication networks, Payload (computing), Networking & telecommunications, Intrusion detection system, Computer security, Encryption, Set (abstract data type), Brute force

Domain Generation Algorithm Detection Using Machine Learning Methods

2018

A botnet is a network of private computers infected with malicious software and controlled as a group without the knowledge of the owners. Botnets are used by cybercriminals for various malicious activities, such as stealing sensitive data, sending spam, launching Distributed Denial of Service (DDoS) attacks, etc. A Command and Control (C&C) server sends commands to the compromised hosts to execute those malicious activities. In order to avoid detection, recent botnets such as Conficker, Zeus, and Cryptolocker apply a technique called Domain-Fluxing or Domain Name Generation Algorithms (DGA), in which the infected bot periodically generates and tries to resolve a large number of pseudorando…

Keywords: Pseudorandom number generator, Domain generation algorithm, Alphanumeric, Computer science, Domain Name System, Computer-communication networks, Botnet, Denial-of-service attack, Machine learning, Management of computing and information systems, CryptoLocker, Malware, Artificial intelligence

Clustering-Based Protocol Classification via Dimensionality Reduction

2015

We propose a unique framework that is based upon diffusion processes and other methodologies for finding meaningful geometric descriptions in high-dimensional datasets. We will show that the eigenfunctions of the generated underlying Markov matrices can be used to construct diffusion processes that generate efficient representations of complex geometric structures for high-dimensional data analysis. This is done by non-linear transformations that identify geometric patterns in these huge datasets that find the connections among them while projecting them onto low dimensional spaces. Our methods automatically classify and recognize network protocols. The main core of the proposed methodology…

Keywords: Mahalanobis distance, Markov chain, Computer science, Dimensionality reduction, Parameterized complexity, Pattern recognition, Artificial intelligence, Construct (python library), Flow network, Cluster analysis, Communications protocol

Anomaly detection approach to keystroke dynamics based user authentication

2017

Keystroke dynamics is one of the authentication mechanisms that uses the natural typing pattern of a user for identification. In this work, we introduced a Dependence Clustering-based approach to user authentication using keystroke dynamics. In addition, we applied a k-NN-based approach that demonstrated strong results. Most of the existing approaches use only genuine users' data for training and validation. We designed a cross-validation procedure with artificially generated impostor samples that improves the learning process yet allows fair comparison to previous works. We evaluated the methods using the CMU keystroke dynamics benchmark dataset. Both proposed approaches outperformed the previou…

Keywords: Authentication, Access control, Computer science, Keystroke dynamics, Information systems, Benchmark (computing), Unsupervised learning, Artificial intelligence & image processing, Anomaly detection, Data mining, Data security

DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign

2017

The Domain Name System (DNS) plays an important role as a translation protocol in everyday use of the Internet. The purpose of DNS is to translate domain names into IP addresses and vice versa. However, its simple architecture can easily be misused for malicious activities. One major security threat concerning DNS is tunneling, which helps attackers bypass security systems unnoticed. A DNS tunnel can be used for three purposes: as a command and control channel, for data exfiltration, or even for tunneling another protocol through it. In this paper, we surveyed different techniques for DNS tunneling detection. We classified those first based on the type of data and then within the categories b…

Keywords: DNS tunneling detection, SIMPLE (military communications protocol), Computer science, Domain Name System, Computer-communication networks, Networking & telecommunications, Computer security, Domain (software engineering), Protocols, APT, Artificial intelligence & image processing, The Internet, Covert channels detection, Data security, Protocol (object-oriented programming)