Towards practical intrusion detection system over encrypted traffic. (21st March 2021)
- Record Type:
- Journal Article
- Title:
- Towards practical intrusion detection system over encrypted traffic. (21st March 2021)
- Main Title:
- Towards practical intrusion detection system over encrypted traffic
- Authors:
- Canard, Sébastien
Li, Chaoyun
- Abstract:
- Privacy and data confidentiality are today at the heart of many discussions. But such data protection should not be done at the detriment of other security aspects. In the context of network traffic, intrusion detection system becomes totally blind when the traffic is encrypted, making clients again vulnerable to known attacks. To reconcile security and privacy, BlindBox and BlindIDS are proposed to perform Deep Packet Inspection over an encrypted traffic, based on two different cryptographic techniques. But, on one side, even if BlindBox is quite efficient to detect an anomalous encrypted traffic, it necessitates a very high setup time for clients and servers and does not protect the know‐how of Security Editors (SEs) working on detection rules. On the other side, BlindIDS does protect SE's market and does not introduce any latency during setup time, but is definitely not enough efficient for a practical use. Herein, it is shown that the design of a fully efficient and market‐compliant intrusion detection system over an encrypted traffic is possible. The system is based on only symmetric cryptography, and permits to encrypt a packet of 1500 bytes in about 6 μs and to test such packets with 3000 rules in less than 2 μs.
- Is Part Of:
- IET information security. Volume 15:Number 3(2021)
- Journal:
- IET information security
- Issue:
- Volume 15:Number 3(2021)
- Issue Display:
- Volume 15, Issue 3 (2021)
- Year:
- 2021
- Volume:
- 15
- Issue:
- 3
- Issue Sort Value:
- 2021-0015-0003-0000
- Page Start:
- 231
- Page End:
- 246
- Publication Date:
- 2021-03-21
- Subjects:
- Computer security -- Periodicals
Cryptography -- Periodicals
Computer networks -- Security measures -- Periodicals
Database security -- Periodicals
005.8
- Journal URLs:
- https://ietresearch.onlinelibrary.wiley.com/journal/17518717
http://digital-library.theiet.org/content/journals/iet-ifs
http://www.ietdl.org/IET-IFS
http://www.theiet.org/
- DOI:
- 10.1049/ise2.12017
- Languages:
- English
- ISSNs:
- 1751-8709
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4363.252660
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16369.xml