Современные информационные технологии и IT-образование (Dec 2021)

Analysis of Approaches to Detecting Attacks in Encrypted Traffic

  • Marina Polyanskaya

DOI
https://doi.org/10.25559/SITITO.17.202104.922-931
Journal volume & issue
Vol. 17, no. 4
pp. 922 – 931

Abstract

The automatic detection of network intrusions has been under active study since the 1980s. Of particular interest is the detection of attacks in encrypted web traffic, whose share of Internet traffic is increasing. The purpose of this article is to analyze possible approaches to detecting attacks in encrypted web traffic. Section 3 analyzes approaches based on unencrypted metadata as well as alternative cryptosystems. The main methods for controlling web traffic are the signature method (based on rules) and the behavioral method (based on anomaly detection). Analyzing encrypted traffic is not a trivial task, and it is considered here in the context of the second approach. The article discusses machine learning methods suitable for encrypted traffic analysis, taking into account the existing practice of anomaly-based attack detection. Despite the great potential of cryptographic methods, the most practical approach at the moment is the analysis of metadata. Multilateral computing, which allows analysis of packet payloads without requiring conversion to alternative encryption, is also very promising.

Keywords