Head(er)Hunter: Fast Intrusion Detection using Packet Metadata Signatures

Papadogiannaki, Eva; Deyannis, Dimitris; Ioannidis, Sotiris

doi:10.1109/camad50429.2020.9209308

Cited by 9 publications

(9 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Papadogiannaki et al [113,115] perform network intrusion detection by generating signatures from packet metadata sequences. They evaluate their methodology using the UNSW-NB15 dataset [104] that contains network traffic traces for numerous attacks.…”

Section: Intrusion Detectionmentioning

confidence: 99%

“…Finally, Moustafa and Slay [104] build and make publicly available a handy dataset for network intrusion detection systems, namely, UNSW-NB15 [10]. This dataset is used for evaluation in [113,115]. As Anderson and McGrew [33] correctly point out, finding the most proper features for classification with high accuracy, recall, and precision, is not a trivial procedure, while it is highly dependable on the ground-truth dataset collection that is available each time.…”

Section: Datasetsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

2021

Self Cite

View full text Add to dashboard Cite

The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.

show abstract

Section: Intrusion Detectionmentioning

confidence: 99%

Section: Datasetsmentioning

confidence: 99%

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…The contributions of this work are the following: (This is an extended version of the paper "Head (er) Hunter: Fast Intrusion Detection using Packet Metadata Signa-tures" [14] that was published in the proceedings of the 2020 IEEE 25th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)):…”

Section: Incoming Traffic Collection Traffic Inspection Intrusion Detmentioning

confidence: 99%

“…The contributions of this work are the following: (This is an extended version of the paper “Head (er) Hunter: Fast Intrusion Detection using Packet Metadata Signatures” [ 14 ] that was published in the proceedings of the 2020 IEEE 25th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)): We generate signatures for intrusion detection using strictly packet metadata extracted from packet headers, making our engine suitable for encrypted network traffic. More specifically, we focus on packet payload size and packet direction.…”

Section: Introductionmentioning

confidence: 99%

Acceleration of Intrusion Detection in Encrypted Network Traffic Using Heterogeneous Hardware

Papadogiannaki

Ioannidis

2021

Sensors

Self Cite

View full text Add to dashboard Cite

More than 75% of Internet traffic is now encrypted, and this percentage is constantly increasing. The majority of communications are secured using common encryption protocols such as SSL/TLS and IPsec to ensure security and protect the privacy of Internet users. However, encryption can be exploited to hide malicious activities, camouflaged into normal network traffic. Traditionally, network traffic inspection is based on techniques like deep packet inspection (DPI). Common applications for DPI include but are not limited to firewalls, intrusion detection and prevention systems, L7 filtering, and packet forwarding. With the widespread adoption of network encryption though, DPI tools that rely on packet payload content are becoming less effective, demanding the development of more sophisticated techniques in order to adapt to current network encryption trends. In this work, we present HeaderHunter, a fast signature-based intrusion detection system even for encrypted network traffic. We generate signatures using only network packet metadata extracted from packet headers. In addition, we examine the processing acceleration of the intrusion detection engine using different heterogeneous hardware architectures.

show abstract

“…Network monitoring and security -Main lecture and educational material -Emulation of a virtual lab for secure network configuration and monitoring of networking traffic with the tool Head(er) Hunter [43] Networking manipulation and attacks, as well as secure configuration, administration, and operation, with a focus on continuous traffic monitoring and classification.…”

Section: The Iot-enabled Smart Home Use Case 61 Outlinementioning

confidence: 99%

CYRA: A Model-Driven CYber Range Assurance Platform

et al. 2021

Self Cite

View full text Add to dashboard Cite

Digital technologies are facilitating our daily activities, and thus leading to the social transformation with the upcoming 5G communications and the Internet of Things. However, mainstream and sophisticated attacks are remaining a threat, both for individuals and organisations. Cyber Range emerges as a promising solution to effectively train people in cybersecurity aspects. A Training Programme is considered adequate only if it can adapt to the scope of the attacks they cover and if the trainees apply the learning material to the operational system. Therefore, this study introduces the model-driven CYber Range Assurance platform (CYRA). The solution allows a trainee to be trained for known and new cyber-attacks by adapting to the continuously evolving threat landscape and examines if the trainees transfer the acquired knowledge to the working environment. Furthermore, this paper presents a use case on an operational backend ICT system, showing how the CYRA platform was utilised to increase the security posture of the organisation.

show abstract

Head(er)Hunter: Fast Intrusion Detection using Packet Metadata Signatures

Cited by 9 publications

References 21 publications

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

Acceleration of Intrusion Detection in Encrypted Network Traffic Using Heterogeneous Hardware

CYRA: A Model-Driven CYber Range Assurance Platform

Contact Info

Product

Resources

About