RESEARCH PRODUCT
Survey: Intrusion Detection Systems in Encrypted Traffic
Timo Hämäläinen, Gil David, Tiina Kovanen

subject

Focus (computing); Traffic analysis; Network packet; Computer science; business.industry; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 05 social sciences; Payload (computing); 020206 networking & telecommunications; 02 engineering and technology; Intrusion detection system; Computer security; computer.software_genre; Encryption; Set (abstract data type); Brute force; 0202 electrical engineering electronic engineering information engineering; 0501 psychology and cognitive sciences; business; computer; 050104 developmental & child psychology

description

An intrusion detection system (IDS) traditionally inspects the payload information of packets. This approach is not valid in encrypted traffic, as the payload information is not available. There are two approaches, with different detection capabilities, to overcome the challenges of encryption: traffic decryption or traffic analysis. This paper presents a comprehensive survey of the research related to IDSs in encrypted traffic. The focus is on traffic analysis, which does not need traffic decryption. One of the major limitations of the surveyed research is that most of it concentrates on detecting the same limited types of attacks, such as brute force or scanning attacks. Both the security enhancements to be derived from using the IDS and the security challenges introduced by the encrypted traffic are discussed. By categorizing the existing work, a set of conclusions and proposals for future research directions are presented.

year | journal | country | edition | language |
---|---|---|---|---|
2016-01-01 | | | | |