
AUTHOR

Tiina Kovanen

showing 2 related works from this author

Survey: Intrusion Detection Systems in Encrypted Traffic

2016

An intrusion detection system (IDS) traditionally inspects the payload information of packets. This approach is not valid in encrypted traffic, as the payload information is not available. There are two approaches, with different detection capabilities, to overcome the challenges of encryption: traffic decryption or traffic analysis. This paper presents a comprehensive survey of the research related to IDSs in encrypted traffic. The focus is on traffic analysis, which does not need traffic decryption. One of the major limitations of the surveyed research is that most of it concentrates on detecting the same limited types of attacks, such as brute force or scanning attacks. Both the …

Focus (computing); Traffic analysis; Network packet; Computer science; business.industry; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 05 social sciences; Payload (computing); 020206 networking & telecommunications; 02 engineering and technology; Intrusion detection system; Computer security; computer.software_genre; Encryption; Set (abstract data type); Brute force; 0202 electrical engineering electronic engineering information engineering; 0501 psychology and cognitive sciences; business; computer; 050104 developmental & child psychology

Honeypot Utilization for Network Intrusion Detection

2018

For research purposes, a honeypot is a system that enables observing attacker’s actions in different phases of a cyberattack. In this study, a honeypot called Kippo was used to identify attack behavior in Finland. The gathered data consisted of dictionary attack login attempts, attacker location, and actions after successful login. From the data, attacker behavior was analyzed. Differentiating bots from human actors, linking scanning activity to further attack steps, and identifying malware and tracking malware sites were all done. The knowledge gained could be used to enhance an organization’s cyber resiliency by identifying attacker motivations and the tools used. Automating analysis of h…

Software_OPERATINGSYSTEMS; Dictionary attack; Honeypot; Computer science; 020206 networking & telecommunications; 02 engineering and technology; 021001 nanoscience & nanotechnology; computer.software_genre; Computer security; Login; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; 0202 electrical engineering electronic engineering information engineering; Malware; Network intrusion detection; 0210 nano-technology; computer; Security system