0000000000371490
AUTHOR
Gil David
Survey: Intrusion Detection Systems in Encrypted Traffic
Intrusion detection system, IDS, traditionally inspects the payload information of packets. This approach is not valid in encrypted traffic as the payload information is not available. There are two approaches, with different detection capabilities, to overcome the challenges of encryption: traffic decryption or traffic analysis. This paper presents a comprehensive survey of the research related to the IDSs in encrypted traffic. The focus is on traffic analysis, which does not need traffic decryption. One of the major limitations of the surveyed researches is that most of them are concentrating in detecting the same limited type of attacks, such as brute force or scanning attacks. Both the …
Domain Generation Algorithm Detection Using Machine Learning Methods
A botnet is a network of private computers infected with malicious software and controlled as a group without the knowledge of the owners. Botnets are used by cybercriminals for various malicious activities, such as stealing sensitive data, sending spam, launching Distributed Denial of Service (DDoS) attacks, etc. A Command and Control (C&C) server sends commands to the compromised hosts to execute those malicious activities. In order to avoid detection, recent botnets such as Conficker, Zeus, and Cryptolocker apply a technique called Domain-Fluxing or Domain Name Generation Algorithms (DGA), in which the infected bot periodically generates and tries to resolve a large number of pseudorando…
Clustering-Based Protocol Classification via Dimensionality Reduction
We propose a unique framework that is based upon diffusion processes and other methodologies for finding meaningful geometric descriptions in high-dimensional datasets. We will show that the eigenfunctions of the generated underlying Markov matrices can be used to construct diffusion processes that generate efficient representations of complex geometric structures for high-dimensional data analysis. This is done by non-linear transformations that identify geometric patterns in these huge datasets that find the connections among them while projecting them onto low dimensional spaces. Our methods automatically classify and recognize network protocols. The main core of the proposed methodology…
Anomaly detection approach to keystroke dynamics based user authentication
Keystroke dynamics is one of the authentication mechanisms which uses natural typing pattern of a user for identification. In this work, we introduced Dependence Clustering based approach to user authentication using keystroke dynamics. In addition, we applied a k-NN-based approach that demonstrated strong results. Most of the existing approaches use only genuine users data for training and validation. We designed a cross validation procedure with artificially generated impostor samples that improves the learning process yet allows fair comparison to previous works. We evaluated the methods using the CMU keystroke dynamics benchmark dataset. Both proposed approaches outperformed the previou…
DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign
Domain Name System (DNS) plays an important role as a translation protocol in everyday use of the Internet. The purpose of DNS is to translate domain names into IP addresses and vice versa. However, its simple architecture can easily be misused for malicious activities. One huge security threat concerning DNS is tunneling, which helps attackers bypass the security systems unnoticed. A DNS tunnel can be used for three purposes: as a command and control channel, for data exfiltration or even for tunneling another protocol through it. In this paper, we surveyed different techniques for DNS tunneling detection. We classified those first based on the type of data and then within the categories b…